XP Antispyware 2012 unable to run OTL [Solved]



#1
Mishlof

  • Member
  • 16 posts
My roommate's system has been infected by this annoying malware. I read over a few others and have TheKiller (named explorer.exe), OTL and Combofix now on his desktop (from keydrive), yet it seems to be blocking TheKiller and OTL (fake buy regkey and fix threat or allow threat, yet after clicking nothing happens).

Operating system is Windows XP latest service pack.

Off to work but hopefully able to fix this when I get home..

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, rename OTL.exe to OTL.scr and that should allow it to run. But first:

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

#3
Mishlof

  • Topic Starter
  • Member
  • 16 posts
Roguekiller would not run, and I changed the extension, and it ran fine and seemed to attack the xp antivirus, but produced no TXT file. I changed the extension back to exe file, and ran it again, this time it was not stopped and it gave this report:

RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Steven Scharf [Admin rights]
Mode: Remove -- Date : 01/05/2012 23:05:34

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Documents and Settings\Steven Scharf\Local Settings\Application Data\hue.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> REPLACED ("C:\Program Files\mozilla firefox\firefox.exe" -safe-mode)
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Documents and Settings\Steven Scharf\Local Settings\Application Data\hue.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> REPLACED ("C:\Program Files\internet explorer\iexplore.exe")

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] f74fcba97d023c145ebfc90e9f317178
[BSP] 91636af72c2ae25147e23c1b15725ab4 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 31453 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 61432560 | Size: 288608 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 1cab90ceffb1e3a9b987e1bbf9a2da49
[BSP] ab72479aec65521f369859eb45e9f48a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 63 | Size: 262147 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 512007615 | Size: 237957 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Knock on wood it seems to be gone, but waiting to see your final say

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I doubt if it has totally gone, so let's now check out the rest.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start scan.

On completion of the scan click save log, save it to your desktop and post in your next reply


#5
Mishlof

  • Topic Starter
  • Member
  • 16 posts
OTL logfile created on: 1/6/2012 2:26:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Steven Scharf\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 73.44% Memory free
4.84 Gb Paging File | 4.20 Gb Available in Paging File | 86.79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 14.21 Gb Free Space | 48.50% Space Free | Partition Type: NTFS
Drive D: | 268.79 Gb Total Space | 112.10 Gb Free Space | 41.71% Space Free | Partition Type: NTFS
Drive E: | 4.25 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 979.53 Mb Total Space | 972.36 Mb Free Space | 99.27% Space Free | Partition Type: FAT
Drive M: | 244.14 Gb Total Space | 123.08 Gb Free Space | 50.41% Space Free | Partition Type: NTFS
Drive N: | 221.62 Gb Total Space | 82.86 Gb Free Space | 37.39% Space Free | Partition Type: NTFS

Computer Name: GYPSE | User Name: Steven Scharf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 15:40:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steven Scharf\Desktop\OTL.exe
PRC - [2011/12/12 13:27:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 17:56:16 | 002,589,808 | ---- | M] (GamersFirst) -- C:\Program Files\GamersFirst\LIVE!\Live.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/05 09:36:13 | 003,071,384 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/12 13:27:56 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/05 12:55:56 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/12/05 12:54:51 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/11/11 13:45:16 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/11/03 12:06:56 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/11/03 12:06:56 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/11/03 12:06:56 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/14 10:10:38 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/14 10:02:35 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/14 09:53:56 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/14 09:44:19 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/14 09:44:14 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/14 09:44:03 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/14 09:42:55 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/14 09:42:49 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/08 12:20:28 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/06/14 09:14:26 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/05/05 09:36:13 | 003,071,384 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/01/07 12:40:30 | 015,988,224 | ---- | M] () -- C:\Program Files\GamersFirst\LIVE!\libcef.dll
MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/30 11:08:31 | 003,673,416 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/11/03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/09/08 13:24:14 | 007,180,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2009/09/01 21:32:37 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/09/01 21:32:36 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/03/27 03:21:06 | 004,395,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/23 22:20:24 | 000,046,208 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/03/15 01:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/02/07 06:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2004/08/13 05:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 EA 4D FA E7 0E CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Startpage"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: " http://startpage.com...aff9d215f86efa0 "
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: d:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: m:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Steven Scharf\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 11:02:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/12 13:27:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/12 13:27:59 | 000,000,000 | ---D | M]

[2009/07/27 17:33:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steven Scharf\Application Data\Mozilla\Extensions
[2011/12/12 13:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steven Scharf\Application Data\Mozilla\Firefox\Profiles\l32upqss.default\extensions
[2010/04/27 12:58:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Steven Scharf\Application Data\Mozilla\Firefox\Profiles\l32upqss.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/12 12:52:48 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Steven Scharf\Application Data\Mozilla\Firefox\Profiles\l32upqss.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/01/05 23:00:04 | 000,005,450 | ---- | M] () -- C:\Documents and Settings\Steven Scharf\Application Data\Mozilla\Firefox\Profiles\l32upqss.default\searchplugins\startpage.xml
[2011/12/14 20:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/23 11:02:07 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2009/08/09 16:10:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/12/12 13:27:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/12 13:27:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/12 13:27:54 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [igndlm.exe] M:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe (GamersFirst)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1248717005187 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1248716974687 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDA1065-C9D7-4C0F-B63E-8C2F19686350}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDA1065-C9D7-4C0F-B63E-8C2F19686350}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -Explorer.exe (maliprog @ Geekstogo)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Steven Scharf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steven Scharf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/27 12:09:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/23 04:14:34 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/06 14:27:59 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Steven Scharf\Desktop\aswMBR.exe
[2012/01/05 23:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steven Scharf\Desktop\RK_Quarantine
[2012/01/05 16:12:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steven Scharf\Desktop\OTL.exe
[2012/01/05 16:11:50 | 000,751,581 | ---- | C] (maliprog @ Geekstogo) -- C:\Documents and Settings\Steven Scharf\Desktop\explorer.exe
[2012/01/05 16:11:49 | 004,370,492 | ---- | C] (Swearware) -- C:\Documents and Settings\Steven Scharf\Desktop\ComboFix.exe
[2012/01/02 14:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OSU-gt RC9
[2012/01/02 14:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamSpeak 3 Client
[2011/12/13 14:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steven Scharf\My Documents\HeroBlade Logs
[2011/12/12 13:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/12/12 13:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/06 14:27:49 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Steven Scharf\Desktop\aswMBR.exe
[2012/01/06 14:25:31 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/06 14:24:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/06 11:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/06 10:28:27 | 086,106,953 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/06 10:24:07 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/06 10:24:07 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/05 23:05:29 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/05 22:56:37 | 000,015,366 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\786ad73xp30i88646307chaamo5g553eic8ob03001g
[2012/01/05 22:56:36 | 000,015,366 | -HS- | M] () -- C:\Documents and Settings\Steven Scharf\Local Settings\Application Data\786ad73xp30i88646307chaamo5g553eic8ob03001g
[2012/01/05 16:48:08 | 000,776,704 | ---- | M] () -- C:\Documents and Settings\Steven Scharf\Desktop\RogueKiller.exe
[2012/01/05 16:09:54 | 000,751,581 | ---- | M] (maliprog @ Geekstogo) -- C:\Documents and Settings\Steven Scharf\Desktop\explorer.exe
[2012/01/05 16:00:32 | 004,370,492 | ---- | M] (Swearware) -- C:\Documents and Settings\Steven Scharf\Desktop\ComboFix.exe
[2012/01/05 15:40:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steven Scharf\Desktop\OTL.exe
[2012/01/05 10:41:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/03 18:00:12 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/01/02 23:50:48 | 000,036,632 | ---- | M] () -- C:\Documents and Settings\Steven Scharf\Desktop\pathfinder char.ods
[2012/01/02 17:09:28 | 000,248,813 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/02 14:28:11 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Steven Scharf\Desktop\Shortcut to OSU-gt.exe.lnk
[2012/01/02 14:21:19 | 000,000,966 | ---- | M] () -- C:\Documents and Settings\Steven Scharf\My Documents\Dragondice.xml
[2012/01/02 14:06:29 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk
[2011/12/23 11:02:13 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/19 14:25:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/15 10:42:37 | 000,113,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 21:49:35 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/11 11:38:56 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Steven Scharf\Desktop\Sins of a Solar Empire Trinity.url
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/05 23:01:16 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/05 22:59:41 | 000,776,704 | ---- | C] () -- C:\Documents and Settings\Steven Scharf\Desktop\RogueKiller.exe
[2012/01/05 10:54:56 | 000,015,366 | -HS- | C] () -- C:\Documents and Settings\Steven Scharf\Local Settings\Application Data\786ad73xp30i88646307chaamo5g553eic8ob03001g
[2012/01/05 10:54:56 | 000,015,366 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\786ad73xp30i88646307chaamo5g553eic8ob03001g
[2012/01/02 14:28:11 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Steven Scharf\Desktop\Shortcut to OSU-gt.exe.lnk
[2012/01/02 14:06:29 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk
[2011/12/12 13:28:00 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/11 11:38:56 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Steven Scharf\Desktop\Sins of a Solar Empire Trinity.url
[2011/11/23 12:50:06 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/10/06 10:19:54 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/10/06 10:19:53 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/10/06 10:17:55 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/06/17 09:35:58 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/17 09:35:58 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/02/13 22:54:24 | 000,116,650 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/02/13 22:54:24 | 000,116,650 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-527237240-1417001333-839522115-1004-0.dat
[2010/10/11 18:07:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010/09/13 18:26:18 | 000,067,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/27 09:36:09 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/06/16 04:24:16 | 002,444,656 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_apb.exe
[2010/06/10 13:30:35 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Steven Scharf\Application Data\PnkBstrK.sys
[2010/06/10 13:30:04 | 002,793,768 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/05/31 20:38:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/04/22 09:55:29 | 000,017,296 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/11 12:47:09 | 000,125,326 | ---- | C] () -- C:\Documents and Settings\Steven Scharf\Application Data\icarus-dxdiag.xml
[2010/03/08 01:07:11 | 000,141,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/03/08 01:07:01 | 000,281,656 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/03/08 01:06:46 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/02/18 14:47:06 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/01/10 18:36:55 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/11/19 13:34:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/01 21:32:37 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/09/01 21:32:36 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/07/27 19:42:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Steven Scharf\Local Settings\Application Data\fusioncache.dat
[2009/07/27 17:32:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/27 12:37:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/07/27 12:35:53 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/07/27 12:31:27 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Steven Scharf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/27 12:24:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/07/27 12:16:58 | 000,015,453 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009/07/27 12:16:10 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/07/27 12:16:09 | 000,015,128 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/07/27 12:16:02 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/07/27 12:11:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/27 12:07:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/27 07:57:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/27 07:56:37 | 000,113,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2009/06/18 14:29:04 | 000,239,869 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,505,222 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,090,514 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/08/18 11:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 11:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/10/13 12:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/11/12 11:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/20 17:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2011/10/24 10:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/12/13 14:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
[2010/11/12 11:50:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/04 07:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DinsCurse
[2010/01/11 22:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Divinity 2
[2010/12/01 04:32:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011/03/22 15:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011/03/22 16:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs
[2011/07/21 11:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/10/25 02:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2010/02/21 10:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
[2011/10/04 12:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id software
[2010/04/12 15:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ironclad Games
[2012/01/06 10:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/07 15:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/11/07 15:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/07/21 11:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2009/09/21 22:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paradox Interactive
[2011/11/12 13:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/05/31 20:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/06/08 08:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SEGA Corporation
[2011/12/06 03:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2010/06/10 17:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2011/03/08 01:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/04 00:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010/04/05 13:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/14 13:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/27 13:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/28 11:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\.minecraft
[2011/10/13 10:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\AVG2012
[2011/08/16 16:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Basilisk Games
[2010/04/26 02:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Bioshock2
[2010/10/08 04:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\DriverCure
[2009/12/12 10:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\FOG Downloader
[2011/03/07 21:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\GamesFaction
[2010/03/20 23:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Gearbox Software
[2010/10/07 19:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\GetRightToGo
[2010/11/24 03:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Hi-Rez Studios
[2011/09/05 20:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Hothead Games
[2011/04/24 15:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Ice-pick Lodge
[2011/10/04 12:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\id software
[2011/02/10 14:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Kalypso Media
[2011/05/17 11:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Lionhead Studios
[2011/10/04 18:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Local
[2011/01/26 06:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\MudTV
[2010/04/12 14:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\My Games
[2009/08/09 16:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\OpenOffice.org
[2011/07/21 11:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Origin
[2010/10/08 04:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\ParetoLogic
[2011/03/01 15:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Rift
[2010/03/26 23:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\runic games
[2011/04/14 12:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Sahmon Games
[2010/08/31 00:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\SecondLife
[2010/06/08 08:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\SEGA Corporation
[2010/06/12 11:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Sierra Entertainment
[2011/07/11 21:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Sony Online Entertainment
[2010/04/12 14:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Stardock
[2010/03/26 20:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\SystemRequirementsLab
[2011/06/08 00:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\The Creative Assembly
[2010/05/31 12:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Tropico 3
[2009/07/27 19:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Turbine
[2011/05/04 00:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Ubisoft
[2011/09/27 14:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\uTorrent
[2010/11/28 15:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\ValuSoft
[2012/01/06 14:25:31 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/01/03 18:00:12 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2011/10/07 04:31:04 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/26 03:58:11 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=42D32722B805D7DF42D30487A0BCBD78 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2012/01/05 16:09:54 | 000,751,581 | ---- | M] (maliprog @ Geekstogo) MD5=68A2BFF920C4D32644F97942756FB2B4 -- C:\Documents and Settings\Steven Scharf\Desktop\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2011/12/17 21:41:15 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 6
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
"DhcpNodeType" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3363C383-6B44-4F11-BF49-763FCC294DA7}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{6DDA1065-C9D7-4C0F-B63E-8C2F19686350}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{BEBF0DFA-5780-4090-B3DE-0B0B93B98F97}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{D503E05B-9D0D-4CAE-B38A-ECBBAA9BBC69}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 07:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/12 13:27:54 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/12 13:27:54 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/12 13:27:54 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\mozilla firefox\firefox.exe" [2011/12/12 13:27:56 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/12 13:27:56 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\mozilla firefox\firefox.exe" -safe-mode [2011/12/12 13:27:56 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/10/25 07:01:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/10/25 07:01:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/10/25 07:01:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\internet explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/12 13:27:54 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/12 13:27:54 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/12 13:27:54 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\mozilla firefox\firefox.exe" [2011/12/12 13:27:56 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/12 13:27:56 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\mozilla firefox\firefox.exe" -safe-mode [2011/12/12 13:27:56 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/10/25 07:01:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/10/25 07:01:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/10/25 07:01:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\internet explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 55920 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC6D0FCE

< End of report >

OTL Extras logfile created on: 1/6/2012 2:26:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Steven Scharf\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 73.44% Memory free
4.84 Gb Paging File | 4.20 Gb Available in Paging File | 86.79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 14.21 Gb Free Space | 48.50% Space Free | Partition Type: NTFS
Drive D: | 268.79 Gb Total Space | 112.10 Gb Free Space | 41.71% Space Free | Partition Type: NTFS
Drive E: | 4.25 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 979.53 Mb Total Space | 972.36 Mb Free Space | 99.27% Space Free | Partition Type: FAT
Drive M: | 244.14 Gb Total Space | 123.08 Gb Free Space | 50.41% Space Free | Partition Type: NTFS
Drive N: | 221.62 Gb Total Space | 82.86 Gb Free Space | 37.39% Space Free | Partition Type: NTFS

Computer Name: GYPSE | User Name: Steven Scharf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56184:TCP" = 56184:TCP:*:Enabled:Pando Media Booster
"56184:UDP" = 56184:UDP:*:Enabled:Pando Media Booster
"57175:TCP" = 57175:TCP:*:Enabled:Pando Media Booster
"57175:UDP" = 57175:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"58763:TCP" = 58763:TCP:*:Enabled:Pando Media Booster
"58763:UDP" = 58763:UDP:*:Enabled:Pando Media Booster
"56184:TCP" = 56184:TCP:*:Enabled:Pando Media Booster
"56184:UDP" = 56184:UDP:*:Enabled:Pando Media Booster
"57175:TCP" = 57175:TCP:*:Enabled:Pando Media Booster
"57175:UDP" = 57175:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"N:\Program Files\Star Wars - The Old Republic\launcher.exe" = N:\Program Files\Star Wars - The Old Republic\launcher.exe:*:Enabled:Star Wars - The Old Republic
"N:\Program Files\Star Wars-The Old Republic\launcher.exe" = N:\Program Files\Star Wars-The Old Republic\launcher.exe:*:Enabled:Star Wars - The Old Republic -- (BioWare)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"M:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe" = M:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient -- (Turbine, Inc.)
"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\Program Files\NCSoft\Launcher\NCLauncher.exe" = C:\Program Files\NCSoft\Launcher\NCLauncher.exe:*:Enabled:NCsoft Launcher -- (NCSoft)
"D:\FallenEarth\Frontend.exe" = D:\FallenEarth\Frontend.exe:*:Enabled:Frontend.exe
"M:\Program Files\Cryptic Studios\Champions Online.exe" = M:\Program Files\Cryptic Studios\Champions Online.exe:*:Enabled:Champions Online -- ()
"N:\Program Files\Joymax\Darkeden\darkeden.exe" = N:\Program Files\Joymax\Darkeden\darkeden.exe:*:Enabled:DarkEden
"M:\Program Files\Steam\SteamApps\common\global agenda live\Binaries\GlobalAgenda.exe" = M:\Program Files\Steam\SteamApps\common\global agenda live\Binaries\GlobalAgenda.exe:*:Enabled:TgGame Client
"N:\Program Files\ccp\eve\bin\ExeFile.exe" = N:\Program Files\ccp\eve\bin\ExeFile.exe:*:Enabled:CCP ExeFile -- (CCP hf.)
"M:\Program Files\Steam\SteamApps\common\bioshock 2\SP\Builds\Binaries\Bioshock2.exe" = M:\Program Files\Steam\SteamApps\common\bioshock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2
"M:\Program Files\Steam\SteamApps\common\bioshock 2\MP\Builds\Binaries\Bioshock2.exe" = M:\Program Files\Steam\SteamApps\common\bioshock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:Bioshock 2 Multiplayer
"M:\Program Files\Steam\SteamApps\common\fear ultimate shooter edition\FEARXP\FEARXP.exe" = M:\Program Files\Steam\SteamApps\common\fear ultimate shooter edition\FEARXP\FEARXP.exe:*:Enabled:F.E.A.R.: Extraction Point
"M:\Program Files\Sega\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe" = M:\Program Files\Sega\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet
"M:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe" = M:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe:*:Enabled:Fallout3
"D:\Program Files\Ventrilo\Ventrilo.exe" = D:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"M:\Program Files\Steam\SteamApps\common\ffxi\SquareEnix\PlayOnlineViewer\pol.exe" = M:\Program Files\Steam\SteamApps\common\ffxi\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer
"N:\Program Files\SecondLifeViewer2\SLVoice.exe" = N:\Program Files\SecondLifeViewer2\SLVoice.exe:*:Enabled:SLVoice
"N:\Program Files\SecondLifeViewer2\slplugin.exe" = N:\Program Files\SecondLifeViewer2\slplugin.exe:*:Enabled:slplugin
"M:\Program Files\Steam\SteamApps\common\sid meier's civilization v\CivilizationV.exe" = M:\Program Files\Steam\SteamApps\common\sid meier's civilization v\CivilizationV.exe:*:Enabled:Sid Meier's Civilization V -- (Firaxis Games)
"N:\Program Files\Entropia Universe\bin32\Entropia.exe" = N:\Program Files\Entropia Universe\bin32\Entropia.exe:*:Enabled:Entropia -- ()
"M:\Program Files\Steam\steam.exe" = M:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"N:\Program Files\nexon\New Folder\Vindictus\en-US\NMService.exe" = N:\Program Files\nexon\New Folder\Vindictus\en-US\NMService.exe:*:Enabled:Nexon Messenger Core
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"M:\Program Files\mektek.net\MTX\mtx.exe" = M:\Program Files\mektek.net\MTX\mtx.exe:*:Enabled:MTX
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"N:\Program Files\Entropia Universe\bin32\eigc\eigcc_main.exe" = N:\Program Files\Entropia Universe\bin32\eigc\eigcc_main.exe:*:Enabled:Voice Chat -- (Ericsson)
"D:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe" = D:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game -- (BioWare)
"D:\Program Files\Mass Effect 2\MassEffect2Launcher.exe" = D:\Program Files\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher -- (BioWare)
"D:\Program Files\Mass Effect 2\Binaries\EACoreServer.exe" = D:\Program Files\Mass Effect 2\Binaries\EACoreServer.exe:*:Enabled:EA Core Server Application -- (Electronic Arts)
"M:\Program Files\Steam\SteamApps\common\daggerdale\Binaries\Win32\DnDGame.exe" = M:\Program Files\Steam\SteamApps\common\daggerdale\Binaries\Win32\DnDGame.exe:*:Enabled:DnDGame
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe:*:Enabled:_aunchPad -- ()
"M:\Program Files\Cryptic Studios\Champions Online\Live\GameClient.exe" = M:\Program Files\Cryptic Studios\Champions Online\Live\GameClient.exe:*:Enabled:GameClient -- ()
"M:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = M:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Disabled:Blizzard Downloader
"M:\Program Files\World of Warcraft\Launcher.exe" = M:\Program Files\World of Warcraft\Launcher.exe:*:Disabled:Blizzard Launcher
"M:\Program Files\Artifact Entertainment\Horizons\Istaria\istaria.exe" = M:\Program Files\Artifact Entertainment\Horizons\Istaria\istaria.exe:*:Disabled:istaria
"M:\Program Files\mektek.net\Mechwarrior Mercenaries - Mektek Mekpak\MW4Mercs.exe" = M:\Program Files\mektek.net\Mechwarrior Mercenaries - Mektek Mekpak\MW4Mercs.exe:*:Disabled:MechWarrior IV
"M:\Program Files\TimeGate Studios\Section 8\Binaries\S8Game-F.exe" = M:\Program Files\TimeGate Studios\Section 8\Binaries\S8Game-F.exe:*:Disabled:Section 8
"N:\Program Files\Taikodom\taikodom-game.exe" = N:\Program Files\Taikodom\taikodom-game.exe:*:Disabled:taikodom-game
"C:\Documents and Settings\Steven Scharf\My Documents\Downloads\sims2\YuLeech-bbo_manual_pdf.exe" = C:\Documents and Settings\Steven Scharf\My Documents\Downloads\sims2\YuLeech-bbo_manual_pdf.exe:*:Disabled:YuLeech
"N:\Program Files\Star Wars - The Old Republic\he603\retailclient\swtor.exe" = N:\Program Files\Star Wars - The Old Republic\he603\retailclient\swtor.exe:*:Enabled:Star Wars: The Old Republic
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"M:\Program Files\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe" = M:\Program Files\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe:*:Enabled:Sid Meier's Civilization V -- (Firaxis Games)
"M:\Program Files\Cryptic Studios\Star Trek Online\Live\GameClient.exe" = M:\Program Files\Cryptic Studios\Star Trek Online\Live\GameClient.exe:*:Enabled:GameClient -- ()
"N:\Program Files\Star Wars-The Old Republic\launcher.exe" = N:\Program Files\Star Wars-The Old Republic\launcher.exe:*:Enabled:Star Wars - The Old Republic -- (BioWare)
"N:\Program Files\Star Wars-The Old Republic\betatest\retailclient\swtor.exe" = N:\Program Files\Star Wars-The Old Republic\betatest\retailclient\swtor.exe:*:Enabled:Star Wars: The Old Republic -- (BioWare, A Division of Electronic Arts)
"M:\Program Files\Steam\SteamApps\common\stronghold3\bin\win32_release\Stronghold3.exe" = M:\Program Files\Steam\SteamApps\common\stronghold3\bin\win32_release\Stronghold3.exe:*:Enabled:Stronghold 3 -- ()
"M:\Program Files\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe" = M:\Program Files\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe:*:Enabled:The Elder Scrolls V: Skyrim -- (Bethesda Softworks)
"M:\Program Files\Steam\SteamApps\common\dead island\DeadIslandGame.exe" = M:\Program Files\Steam\SteamApps\common\dead island\DeadIslandGame.exe:*:Enabled:Dead Island -- (Techland)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"M:\Program Files\Steam\SteamApps\common\alien swarm\srcds.exe" = M:\Program Files\Steam\SteamApps\common\alien swarm\srcds.exe:*:Disabled:Alien Swarm Dedicated Server
"N:\gPotato.com\Allods Online\bin\Launcher_old.exe" = N:\gPotato.com\Allods Online\bin\Launcher_old.exe:*:Disabled:Allods Launcher
"M:\Program Files\Steam\SteamApps\common\all points bulletin\Binaries\APB.exe" = M:\Program Files\Steam\SteamApps\common\all points bulletin\Binaries\APB.exe:*:Disabled:APB All Points Bulletin
"M:\Program Files\GamersFirst\APB Reloaded\Binaries\APB.exe" = M:\Program Files\GamersFirst\APB Reloaded\Binaries\APB.exe:*:Disabled:APB: APB.exe -- (K2 Network, Inc.)
"M:\Program Files\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe" = M:\Program Files\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe:*:Disabled:APB: VivoxVoiceService.exe -- (Vivox Inc.)
"M:\Program Files\2K Games\Borderlands\Binaries\Borderlands.exe" = M:\Program Files\2K Games\Borderlands\Binaries\Borderlands.exe:*:Disabled:Borderlands
"N:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" = N:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Disabled:DarkCrusade
"M:\Program Files\Steam\SteamApps\common\dc universe online\UNREAL3\BINARIES\WIN32\DCGAME.EXE" = M:\Program Files\Steam\SteamApps\common\dc universe online\UNREAL3\BINARIES\WIN32\DCGAME.EXE:*:Disabled:DC Universe Online Windows Client
"M:\Program Files\dcuo\UNREAL3\BINARIES\WIN32\DCGAME.EXE" = M:\Program Files\dcuo\UNREAL3\BINARIES\WIN32\DCGAME.EXE:*:Disabled:DC Universe Online Windows Client
"M:\Program Files\Turbine\DDO Unlimited\dndclient.exe" = M:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Disabled:dndclient
"D:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe" = D:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe:*:Disabled:dndclient
"N:\Program Files\Dragon Age\bin_ship\EACoreServer.exe" = N:\Program Files\Dragon Age\bin_ship\EACoreServer.exe:*:Disabled:EA Core Server Application
"M:\Program Files\Mass Effect 2\Binaries\EACoreServer.exe" = M:\Program Files\Mass Effect 2\Binaries\EACoreServer.exe:*:Disabled:EA Core Server Application
"M:\Program Files\Steam\SteamApps\common\Evil Genius\EvilGeniusLauncher.exe" = M:\Program Files\Steam\SteamApps\common\Evil Genius\EvilGeniusLauncher.exe:*:Disabled:Evil Genius -- ()
"M:\Program Files\Steam\SteamApps\common\fear ultimate shooter edition\FEAR.exe" = M:\Program Files\Steam\SteamApps\common\fear ultimate shooter edition\FEAR.exe:*:Disabled:F.E.A.R.
"M:\Program Files\Steam\SteamApps\common\fable 3\Fable3.exe" = M:\Program Files\Steam\SteamApps\common\fable 3\Fable3.exe:*:Disabled:Fable III Main Executable
"D:\FallenEarth\FEUpdater.exe" = D:\FallenEarth\FEUpdater.exe:*:Disabled:FEUpdater.exe
"M:\Program Files\Steam\SteamApps\common\front mission evolved trailer\smp.exe" = M:\Program Files\Steam\SteamApps\common\front mission evolved trailer\smp.exe:*:Disabled:Front Mission Evolved Trailer -- (Valve)
"M:\Program Files\Steam\SteamApps\common\galactic civilizations ii - ultimate edition\Twilight\GC2TwilightOfTheArnor.exe" = M:\Program Files\Steam\SteamApps\common\galactic civilizations ii - ultimate edition\Twilight\GC2TwilightOfTheArnor.exe:*:Disabled:Galactic Civilizations II: Ultimate Edition -- (Stardock Entertainment)
"M:\Heatwave Interactive\Gods & Heroes\Gods And Heroes\rome.exe" = M:\Heatwave Interactive\Gods & Heroes\Gods And Heroes\rome.exe:*:Disabled:Gods and Heroes
"M:\Program Files\Steam\SteamApps\common\grotesque tactics 2\x86_installer\GrotesqueTactics.exe" = M:\Program Files\Steam\SteamApps\common\grotesque tactics 2\x86_installer\GrotesqueTactics.exe:*:Disabled:Grotesque Tactics 2 - Dungeons and Donuts -- (Silent Dreams)
"M:\Program Files\Steam\SteamApps\the_renset\team fortress 2\hl2.exe" = M:\Program Files\Steam\SteamApps\the_renset\team fortress 2\hl2.exe:*:Disabled:hl2 -- ()
"M:\Program Files\Steam\SteamApps\common\hoard\win32\Reuben.exe" = M:\Program Files\Steam\SteamApps\common\hoard\win32\Reuben.exe:*:Disabled:HOARD - Demo
"M:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = M:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Disabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"M:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = M:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Disabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"M:\Program Files\Steam\SteamApps\common\singularity\Binaries\Singularity.exe" = M:\Program Files\Steam\SteamApps\common\singularity\Binaries\Singularity.exe:*:Disabled:Singularity
"N:\Program Files\Stardock\sins of solar empire\Sins of a Solar Empire.exe" = N:\Program Files\Stardock\sins of solar empire\Sins of a Solar Empire.exe:*:Disabled:Sins of a Solar Empire
"N:\Program Files\Stardock\sins of solar empire\Sins of a Solar Empire Diplomacy.exe" = N:\Program Files\Stardock\sins of solar empire\Sins of a Solar Empire Diplomacy.exe:*:Disabled:Sins of a Solar Empire - Diplomacy
"N:\Program Files\Stardock\sins of solar empire\Sins of a Solar Empire Entrenchment.exe" = N:\Program Files\Stardock\sins of solar empire\Sins of a Solar Empire Entrenchment.exe:*:Disabled:Sins of a Solar Empire - Entrenchment
"M:\Program Files\Steam\SteamApps\common\sins of a solar empire trinity\Sins of a Solar Empire.exe" = M:\Program Files\Steam\SteamApps\common\sins of a solar empire trinity\Sins of a Solar Empire.exe:*:Disabled:Sins of a Solar Empire: Trinity -- (Ironclad Games)
"M:\Program Files\Steam\SteamApps\common\sins of a solar empire trinity\Sins of a Solar Empire Entrenchment.exe" = M:\Program Files\Steam\SteamApps\common\sins of a solar empire trinity\Sins of a Solar Empire Entrenchment.exe:*:Disabled:Sins of a Solar Empire: Trinity -- (Ironclad Games)
"M:\Program Files\Steam\SteamApps\common\sins of a solar empire trinity\Sins of a Solar Empire Diplomacy.exe" = M:\Program Files\Steam\SteamApps\common\sins of a solar empire trinity\Sins of a Solar Empire Diplomacy.exe:*:Disabled:Sins of a Solar Empire: Trinity -- (Ironclad Games)
"N:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe" = N:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe:*:Disabled:Soulstorm
"D:\Program Files\Star Ruler\StarRuler.exe" = D:\Program Files\Star Ruler\StarRuler.exe:*:Disabled:StarRuler
"M:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" = M:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Disabled:Stronghold 2
"M:\Program Files\Steam\SteamApps\common\the witcher 2\bin\witcher2.exe" = M:\Program Files\Steam\SteamApps\common\the witcher 2\bin\witcher2.exe:*:Disabled:The Witcher 2: Assasins of Kings
"N:\Program Files\Star Wars - The Old Republic\launcher.exe" = N:\Program Files\Star Wars - The Old Republic\launcher.exe:*:Disabled:TOR Launcher
"N:\Program Files\THQ\Dawn of War\W40k.exe" = N:\Program Files\THQ\Dawn of War\W40k.exe:*:Disabled:W40k
"N:\Program Files\THQ\Dawn of War\W40kWA.exe" = N:\Program Files\THQ\Dawn of War\W40kWA.exe:*:Disabled:W40kWA
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Disabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{140B5BC3-E263-397D-B1BB-C4095364FB6F}" = Catalyst Control Center InstallProxy
"{16C426FC-B3A4-41B8-9BED-BDAB6836F54D}" = OSU-gt RC9
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 24
"{30349EFD-29C6-471B-B720-10D805B2D9F3}" = NCsoft Launcher
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3686B63F-72CD-C0FB-1348-34DB78ADFC9C}" = CCC Help English
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{49668BEE-D721-449C-82D3-C7561945F706}" = Station Launcher
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58288FBC-C7E8-FE33-3009-199C219D3363}" = Catalyst Control Center Graphics Previews Common
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82448C0D-FB2A-4E10-9F2C-F404F067A85B}" = FallenEarth
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D0EC7B14-C363-8FCF-728E-A94144B31518}" = AMD Catalyst Install Manager
"{D7447B32-518C-442F-A8E4-DCF12D8A6D75}" = Station LaunchPad
"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EFF5ECCC-20B9-68CE-A95A-A1500E4E0FF8}" = ccc-utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA798C4A-FE41-AE67-932F-F00CDAAA7723}" = Catalyst Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"APB Reloaded" = APB Reloaded
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"AVG" = AVG 2012
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Champions Online" = Champions Online
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Download Manager" = Download Manager 2.3.10
"EA Installer.1074699979" = EA Installer
"EA Installer.1852938242" = EA Installer
"Entropia Universe" = Entropia Universe
"ffdshow_is1" = ffdshow v1.1.3800 [2011-03-28]
"GamersFirst LIVE!" = GamersFirst LIVE!
"Guild Wars" = Guild Wars
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Star Trek Online" = Star Trek Online
"Steam App 201290" = Sins of a Solar Empire: Trinity
"Steam App 202200" = Galactic Civilizations II: Ultimate Edition
"Steam App 3720" = Evil Genius
"Steam App 46570" = Grotesque Tactics 2 - Dungeons and Donuts
"Steam App 47400" = Stronghold 3
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91310" = Dead Island
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/22/2011 7:03:19 PM | Computer Name = GYPSE | Source = Application Hang | ID = 1002
Description = Hanging application TESV.exe, version 1.1.21.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/28/2011 11:59:36 AM | Computer Name = GYPSE | Source = MsiInstaller | ID = 11722
Description = Product: Apple Software Update -- Error 1722. There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action SoftwareUpdate_RegServer,
location: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, command: /RegServer


Error - 12/5/2011 8:33:55 PM | Computer Name = GYPSE | Source = MsiInstaller | ID = 11722
Description = Product: Apple Software Update -- Error 1722. There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action SoftwareUpdate_RegServer,
location: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, command: /RegServer


Error - 12/5/2011 8:34:39 PM | Computer Name = GYPSE | Source = MsiInstaller | ID = 11722
Description = Product: Apple Software Update -- Error 1722. There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action SoftwareUpdate_RegServer,
location: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, command: /RegServer


Error - 12/6/2011 7:01:59 PM | Computer Name = GYPSE | Source = Application Hang | ID = 1002
Description = Hanging application GC2TwilightOfTheArnor.exe, version 2.0.4.1, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/11/2011 3:41:52 PM | Computer Name = GYPSE | Source = Application Error | ID = 1000
Description = Faulting application sins of a solar empire diplomacy.exe, version
1.3.4.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00029f07.

Error - 12/12/2011 2:49:50 PM | Computer Name = GYPSE | Source = MsiInstaller | ID = 1013
Description = Product: iTunes -- There is a problem with this Windows Installer
package. A program run as part of the setup did not finish as expected. Contact
your support personnel or package vendor.

Error - 12/12/2011 2:49:50 PM | Computer Name = GYPSE | Source = MsiInstaller | ID = 11722
Description = Product: Apple Software Update -- Error 1722. There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action SoftwareUpdate_UnregServer,
location: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, command: /UnregServer


Error - 1/5/2012 12:02:24 PM | Computer Name = GYPSE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 8.0.1.4341, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/5/2012 12:04:08 PM | Computer Name = GYPSE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 8.0.1.4341, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/13/2011 6:24:56 AM | Computer Name = GYPSE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/13/2011 6:24:56 AM | Computer Name = GYPSE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/13/2011 6:24:56 AM | Computer Name = GYPSE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/13/2011 6:24:56 AM | Computer Name = GYPSE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/13/2011 6:24:56 AM | Computer Name = GYPSE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/13/2011 6:24:56 AM | Computer Name = GYPSE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/15/2011 11:43:06 AM | Computer Name = GYPSE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 12/19/2011 3:26:32 PM | Computer Name = GYPSE | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 12/23/2011 10:46:35 PM | Computer Name = GYPSE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 1/2/2012 3:51:51 PM | Computer Name = GYPSE | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.


< End of report >

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-06 14:33:39
-----------------------------
14:33:39.562 OS Version: Windows 5.1.2600 Service Pack 3
14:33:39.562 Number of processors: 2 586 0x170A
14:33:39.562 ComputerName: GYPSE UserName:
14:33:40.125 Initialize success
14:34:13.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:34:13.578 Disk 0 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
14:34:13.578 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19
14:34:13.578 Disk 1 Vendor: ST3500418AS CC34 Size: 476940MB BusType: 3
14:34:13.593 Disk 0 MBR read successfully
14:34:13.593 Disk 0 MBR scan
14:34:13.593 Disk 0 Windows XP default MBR code
14:34:13.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29996 MB offset 63
14:34:13.593 Disk 0 Partition - 00 0F Extended LBA 275238 MB offset 61432560
14:34:13.609 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 275238 MB offset 61432623
14:34:13.609 Disk 0 scanning sectors +625121280
14:34:13.640 Disk 0 PE file @ sector 625121305 !
14:34:13.671 Disk 0 scanning C:\WINDOWS\system32\drivers
14:34:17.171 Service scanning
14:34:17.937 Modules scanning
14:34:20.562 Disk 0 trace - called modules:
14:34:20.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:34:20.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa7dab8]
14:34:20.578 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8aafb820]
14:34:20.578 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aa32d98]
14:34:20.578 Scan finished successfully
14:34:28.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steven Scharf\Desktop\MBR.dat"
14:34:28.937 The log file has been saved successfully to "C:\Documents and Settings\Steven Scharf\Desktop\aswMBR.txt"


There you go, awaiting your response.
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, a few bits to kill now. On completion, can you let me know what problems remain, please?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    [2012/01/05 22:56:37 | 000,015,366 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\786ad73xp30i88646307chaamo5g553eic8ob03001g
    [2012/01/05 22:56:36 | 000,015,366 | -HS- | M] () -- C:\Documents and Settings\Steven Scharf\Local Settings\Application Data\786ad73xp30i88646307chaamo5g553eic8ob03001g
    @Alternate Data Stream - 55920 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7
Mishlof

    Member

  • Topic Starter
  • Member
  • 16 posts
OTL logfile created on: 1/6/2012 3:32:39 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Steven Scharf\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 70.75% Memory free
4.84 Gb Paging File | 4.19 Gb Available in Paging File | 86.59% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 14.47 Gb Free Space | 49.39% Space Free | Partition Type: NTFS
Drive D: | 268.79 Gb Total Space | 112.10 Gb Free Space | 41.71% Space Free | Partition Type: NTFS
Drive E: | 4.25 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 979.53 Mb Total Space | 967.86 Mb Free Space | 98.81% Space Free | Partition Type: FAT
Drive M: | 244.14 Gb Total Space | 123.08 Gb Free Space | 50.41% Space Free | Partition Type: NTFS
Drive N: | 221.62 Gb Total Space | 82.85 Gb Free Space | 37.39% Space Free | Partition Type: NTFS

Computer Name: GYPSE | User Name: Steven Scharf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 15:40:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steven Scharf\Desktop\OTL.exe
PRC - [2011/12/12 13:27:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 17:56:16 | 002,589,808 | ---- | M] (GamersFirst) -- C:\Program Files\GamersFirst\LIVE!\Live.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/05 09:36:13 | 003,071,384 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/12 13:27:56 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/05 12:55:56 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/12/05 12:54:51 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/11/11 13:45:16 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/11/03 12:06:56 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/11/03 12:06:56 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/11/03 12:06:56 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/14 10:10:38 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/14 10:02:35 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/14 09:53:56 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/14 09:44:19 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/14 09:44:14 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/14 09:44:03 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/14 09:42:55 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/14 09:42:49 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/08 12:20:28 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/06/14 09:14:26 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/05/05 09:36:13 | 003,071,384 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/01/07 12:40:30 | 015,988,224 | ---- | M] () -- C:\Program Files\GamersFirst\LIVE!\libcef.dll
MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/30 11:08:31 | 003,673,416 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/11/03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/09/08 13:24:14 | 007,180,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2009/09/01 21:32:37 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/09/01 21:32:36 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/03/27 03:21:06 | 004,395,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/23 22:20:24 | 000,046,208 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/03/15 01:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/02/07 06:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2004/08/13 05:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 EA 4D FA E7 0E CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Startpage"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: " http://startpage.com...aff9d215f86efa0 "

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: d:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: m:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Steven Scharf\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 11:02:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/12 13:27:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/12 13:27:59 | 000,000,000 | ---D | M]

[2009/07/27 17:33:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steven Scharf\Application Data\Mozilla\Extensions
[2011/12/12 13:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steven Scharf\Application Data\Mozilla\Firefox\Profiles\l32upqss.default\extensions
[2010/04/27 12:58:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Steven Scharf\Application Data\Mozilla\Firefox\Profiles\l32upqss.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/12 12:52:48 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Steven Scharf\Application Data\Mozilla\Firefox\Profiles\l32upqss.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/01/05 23:00:04 | 000,005,450 | ---- | M] () -- C:\Documents and Settings\Steven Scharf\Application Data\Mozilla\Firefox\Profiles\l32upqss.default\searchplugins\startpage.xml
[2011/12/14 20:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/23 11:02:07 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2009/08/09 16:10:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/12/12 13:27:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/12 13:27:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/12 13:27:54 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/06 15:28:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [igndlm.exe] M:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe (GamersFirst)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1248717005187 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1248716974687 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDA1065-C9D7-4C0F-B63E-8C2F19686350}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDA1065-C9D7-4C0F-B63E-8C2F19686350}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -Explorer.exe (maliprog @ Geekstogo)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Steven Scharf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steven Scharf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/27 12:09:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/23 04:14:34 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/06 15:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steven Scharf\Application Data\Malwarebytes
[2012/01/06 15:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/06 15:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/06 15:34:18 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/06 15:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/06 15:33:37 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steven Scharf\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/06 15:28:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/06 14:27:59 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Steven Scharf\Desktop\aswMBR.exe
[2012/01/05 23:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steven Scharf\Desktop\RK_Quarantine
[2012/01/05 16:12:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steven Scharf\Desktop\OTL.exe
[2012/01/05 16:11:50 | 000,751,581 | ---- | C] (maliprog @ Geekstogo) -- C:\Documents and Settings\Steven Scharf\Desktop\explorer.exe
[2012/01/05 16:11:49 | 004,370,492 | ---- | C] (Swearware) -- C:\Documents and Settings\Steven Scharf\Desktop\ComboFix.exe
[2012/01/02 14:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OSU-gt RC9
[2012/01/02 14:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamSpeak 3 Client
[2011/12/13 14:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steven Scharf\My Documents\HeroBlade Logs
[2011/12/12 13:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/12/12 13:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

========== Files - Modified Within 30 Days ==========

[2012/01/06 15:35:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/06 15:35:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 15:33:25 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steven Scharf\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/06 15:31:13 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/06 15:30:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/06 15:28:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/06 14:34:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Steven Scharf\Desktop\MBR.dat
[2012/01/06 14:27:49 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Steven Scharf\Desktop\aswMBR.exe
[2012/01/06 11:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/06 10:28:27 | 086,106,953 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/06 10:24:07 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/06 10:24:07 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/05 23:05:29 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/05 16:48:08 | 000,776,704 | ---- | M] () -- C:\Documents and Settings\Steven Scharf\Desktop\RogueKiller.exe
[2012/01/05 16:09:54 | 000,751,581 | ---- | M] (maliprog @ Geekstogo) -- C:\Documents and Settings\Steven Scharf\Desktop\explorer.exe
[2012/01/05 16:00:32 | 004,370,492 | ---- | M] (Swearware) -- C:\Documents and Settings\Steven Scharf\Desktop\ComboFix.exe
[2012/01/05 15:40:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steven Scharf\Desktop\OTL.exe
[2012/01/05 10:41:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/03 18:00:12 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/01/02 23:50:48 | 000,036,632 | ---- | M] () -- C:\Documents and Settings\Steven Scharf\Desktop\pathfinder char.ods
[2012/01/02 17:09:28 | 000,248,813 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/02 14:28:11 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Steven Scharf\Desktop\Shortcut to OSU-gt.exe.lnk
[2012/01/02 14:21:19 | 000,000,966 | ---- | M] () -- C:\Documents and Settings\Steven Scharf\My Documents\Dragondice.xml
[2012/01/02 14:06:29 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk
[2011/12/23 11:02:13 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/19 14:25:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/15 10:42:37 | 000,113,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 21:49:35 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/11 11:38:56 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Steven Scharf\Desktop\Sins of a Solar Empire Trinity.url
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/01/06 15:34:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 14:34:28 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Steven Scharf\Desktop\MBR.dat
[2012/01/05 23:01:16 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/05 22:59:41 | 000,776,704 | ---- | C] () -- C:\Documents and Settings\Steven Scharf\Desktop\RogueKiller.exe
[2012/01/02 14:28:11 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Steven Scharf\Desktop\Shortcut to OSU-gt.exe.lnk
[2012/01/02 14:06:29 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk
[2011/12/12 13:28:00 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/11 11:38:56 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Steven Scharf\Desktop\Sins of a Solar Empire Trinity.url
[2011/11/23 12:50:06 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/10/06 10:19:54 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/10/06 10:19:53 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/10/06 10:17:55 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/06/17 09:35:58 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/17 09:35:58 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/02/13 22:54:24 | 000,116,650 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/02/13 22:54:24 | 000,116,650 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-527237240-1417001333-839522115-1004-0.dat
[2010/10/11 18:07:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010/09/13 18:26:18 | 000,067,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/27 09:36:09 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/06/16 04:24:16 | 002,444,656 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_apb.exe
[2010/06/10 13:30:35 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Steven Scharf\Application Data\PnkBstrK.sys
[2010/06/10 13:30:04 | 002,793,768 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/05/31 20:38:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/04/22 09:55:29 | 000,017,296 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/11 12:47:09 | 000,125,326 | ---- | C] () -- C:\Documents and Settings\Steven Scharf\Application Data\icarus-dxdiag.xml
[2010/03/08 01:07:11 | 000,141,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/03/08 01:07:01 | 000,281,656 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/03/08 01:06:46 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/02/18 14:47:06 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/01/10 18:36:55 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/11/19 13:34:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/01 21:32:37 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/09/01 21:32:36 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/07/27 19:42:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Steven Scharf\Local Settings\Application Data\fusioncache.dat
[2009/07/27 17:32:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/27 12:37:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/07/27 12:35:53 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/07/27 12:31:27 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Steven Scharf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/27 12:24:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/07/27 12:16:58 | 000,015,453 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009/07/27 12:16:10 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/07/27 12:16:09 | 000,015,128 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/07/27 12:16:02 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/07/27 12:11:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/27 12:07:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/27 07:57:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/27 07:56:37 | 000,113,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2009/06/18 14:29:04 | 000,239,869 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,505,222 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,090,514 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/08/18 11:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 11:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/10/13 12:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/11/12 11:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/20 17:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2011/10/24 10:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/12/13 14:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
[2010/11/12 11:50:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/04 07:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DinsCurse
[2010/01/11 22:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Divinity 2
[2010/12/01 04:32:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011/03/22 15:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011/03/22 16:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs
[2011/07/21 11:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/10/25 02:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2010/02/21 10:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
[2011/10/04 12:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id software
[2010/04/12 15:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ironclad Games
[2012/01/06 10:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/07 15:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/11/07 15:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/07/21 11:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2009/09/21 22:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paradox Interactive
[2011/11/12 13:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/05/31 20:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/06/08 08:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SEGA Corporation
[2011/12/06 03:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2010/06/10 17:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2011/03/08 01:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/04 00:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010/04/05 13:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/14 13:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/27 13:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/28 11:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\.minecraft
[2011/10/13 10:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\AVG2012
[2011/08/16 16:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Basilisk Games
[2010/04/26 02:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Bioshock2
[2010/10/08 04:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\DriverCure
[2009/12/12 10:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\FOG Downloader
[2011/03/07 21:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\GamesFaction
[2010/03/20 23:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Gearbox Software
[2010/10/07 19:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\GetRightToGo
[2010/11/24 03:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Hi-Rez Studios
[2011/09/05 20:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Hothead Games
[2011/04/24 15:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Ice-pick Lodge
[2011/10/04 12:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\id software
[2011/02/10 14:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Kalypso Media
[2011/05/17 11:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Lionhead Studios
[2011/10/04 18:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Local
[2011/01/26 06:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\MudTV
[2010/04/12 14:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\My Games
[2009/08/09 16:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\OpenOffice.org
[2011/07/21 11:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Origin
[2010/10/08 04:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\ParetoLogic
[2011/03/01 15:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Rift
[2010/03/26 23:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\runic games
[2011/04/14 12:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Sahmon Games
[2010/08/31 00:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\SecondLife
[2010/06/08 08:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\SEGA Corporation
[2010/06/12 11:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Sierra Entertainment
[2011/07/11 21:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Sony Online Entertainment
[2010/04/12 14:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Stardock
[2010/03/26 20:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\SystemRequirementsLab
[2011/06/08 00:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\The Creative Assembly
[2010/05/31 12:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Tropico 3
[2009/07/27 19:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Turbine
[2011/05/04 00:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\Ubisoft
[2011/09/27 14:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\uTorrent
[2010/11/28 15:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Scharf\Application Data\ValuSoft
[2012/01/06 15:31:13 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/01/03 18:00:12 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2011/10/07 04:31:04 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC6D0FCE

< End of report >


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.06.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Steven Scharf :: GYPSE [administrator]

1/6/2012 3:36:44 PM
mbam-log-2012-01-06 (15-36-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 164023
Time elapsed: 1 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Steven Scharf\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)


Thanks a lot for your help. System seems to be okay, yet unable to turn back on Windows auto update (XP).

EDIT: following instructions to the auto update tab in Control Panel, it says that it is on and set, yet Windows security alerts says it is not.

Edited by Mishlof, 06 January 2012 - 02:44 PM.


#8
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's attack that next.

Could you go here and run the fixit in default mode first? If that does not work, then rerun in the aggressive mode.

#9
Mishlof


    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
One or more Windows Update components are configured incorrectly.

It is unable to fix, in both modes.

#10
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download Windows Repair (all in one) from this site

Install the programme, then run it.

Go to step 2 and allow it to run Disc check.

Once that is done, go to step 3 and allow it to run SFC.

On the start repairs tab, select advanced mode and click start.

Select the items in the red surround (remove the ticks from the rest) and tick restart system when finished.

#11
Mishlof


    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
All seems well on my friend's PC now; ran the microsoftfixit again and all came up good. Thank you for your time! Next pay I'm paypal'ing you dinner on me.

#12
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thankee :thumbsup:

I will remove my rubbish now - so if you could point him to this

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :wave:

#13
Mishlof


    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thanks again and will let you know if anything comes up in the next 24-48hrs, hopefully not.

#14
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.