OTL.txtOTL logfile created on: 2/2/2012 10:21:47 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dennis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.11 Gb Available Physical Memory | 77.68% Memory free
7.99 Gb Paging File | 6.32 Gb Available in Paging File | 79.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923.39 Gb Total Space | 852.92 Gb Free Space | 92.37% Space Free | Partition Type: NTFS
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/02/02 22:19:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
PRC - [2011/12/27 03:21:01 | 004,093,288 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 14\nu.exe
PRC - [2011/08/04 15:57:48 | 000,789,088 | ---- | M] (Jackpot Rewards) -- C:\Program Files (x86)\DealRunner\DealRunner.exe
PRC - [2011/08/03 20:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
PRC - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/22 11:31:50 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
PRC - [2009/12/22 11:30:54 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
PRC - [2004/04/23 18:03:06 | 000,446,464 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
========== Modules (No Company Name) ========== MOD - [2011/07/28 15:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/22 11:31:50 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
MOD - [2009/12/22 11:30:54 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
MOD - [2009/12/22 11:30:36 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\Hook.dll
MOD - [2009/12/22 11:30:34 | 000,065,536 | ---- | M] () -- C:\Windows\SysWOW64\LGErrorHandler.dll
MOD - [2009/12/22 11:30:28 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EngRes.dll
========== Win32 Services (SafeList) ========== SRV:
64bit: - [2011/07/28 16:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:
64bit: - [2011/07/28 13:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:
64bit: - [2011/05/26 14:24:42 | 000,467,968 | ---- | M] () [Auto | Running] -- C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe -- (Bigfoot Networks Killer Service)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/03 20:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ========== DRV:
64bit: - [2011/12/27 03:45:43 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:
64bit: - [2011/08/21 18:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV:
64bit: - [2011/08/21 18:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA)
DRV:
64bit: - [2011/08/03 20:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP)
DRV:
64bit: - [2011/07/28 14:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:
64bit: - [2011/07/28 12:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:
64bit: - [2011/06/24 05:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:
64bit: - [2011/05/26 14:24:58 | 000,157,288 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Xeno7x64.sys -- (BFN7x64)
DRV:
64bit: - [2011/05/26 14:24:58 | 000,031,336 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Edge7x64.sys -- (BfEdge7x64)
DRV:
64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:
64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2011/01/25 21:42:00 | 000,064,256 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:
64bit: - [2011/01/25 21:41:00 | 000,039,808 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:
64bit: - [2011/01/13 03:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:
64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:
64bit: - [2010/05/24 19:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:
64bit: - [2010/04/28 21:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON)
DRV:
64bit: - [2010/04/21 18:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP)
DRV:
64bit: - [2010/04/21 18:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:
64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:
64bit: - [2009/08/29 16:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS)
DRV:
64bit: - [2009/08/05 22:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:
64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:
64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/01/19 10:33:43 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120202.018\EX64.SYS -- (NAVEX15)
DRV - [2012/01/19 10:33:43 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120202.018\ENG64.SYS -- (NAVENG)
DRV - [2011/12/27 04:05:01 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/12/27 04:05:01 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/15 15:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120202.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 18:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/12/22 11:30:46 | 000,019,456 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGPII2CDriver.sys -- (LGII2CDevice)
DRV - [2009/12/22 11:30:36 | 000,016,384 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGI2CDriver.sys -- (LGDDCDevice)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.ask.com/?l=dis&o=14196IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/?ocid=iehpIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D DA CB AE 7A 4D CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "
http://www.ask.com/?...?l=dis&o=14196"FF - prefs.js..keyword.URL: "
http://www.google.co...ogle Search&q="FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF:
64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:
64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:
64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/26 18:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2012/01/09 08:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2012/02/02 09:48:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/22 00:15:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/07 12:56:02 | 000,000,000 | ---D | M]
[2011/12/26 17:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Extensions
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\igfbsfrb.default\searchplugins\askcom.xml
[2012/01/22 00:15:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/20 23:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/30 14:47:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 20:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 20:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ========== CHR - default_search_provider: MyTools (Enabled)
CHR - default_search_provider: search_url =
http://search.mytool...q={searchTerms}CHR - default_search_provider: suggest_url =
http://suggestquerie...u={searchTerms}CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dennis\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dennis\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dennis\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
Hosts file not found
O2:
64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:
64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Shop to Win) - {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll (Shop To Win, LLC)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:
64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [DealRunner] C:\Program Files (x86)\DealRunner\DealRunner.exe (Jackpot Rewards)
O4 - HKCU..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O13
64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C}
http://myitlab.pears...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E1CC265-5D87-4E4B-AFF2-1570C196FD1B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFCFF9B1-25BC-4F42-AFC1-79A2FD8033C2}: DhcpNameServer = 192.168.101.1
O18:
64bit: - Protocol\Handler\livecall - No CLSID value found
O18:
64bit: - Protocol\Handler\msnim - No CLSID value found
O18:
64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2012/02/02 22:19:54 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Dennis\Desktop\aswMBR.exe
[2012/02/02 22:19:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2012/02/01 14:52:46 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\ApplicationHistory
[2012/02/01 14:48:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012/02/01 14:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2012/02/01 14:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA
[2012/02/01 14:24:44 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/02/01 13:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War
[2012/02/01 13:56:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012/02/01 13:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012/02/01 13:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade
[2012/02/01 13:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Creative Assembly
[2012/01/29 23:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/29 23:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/28 23:10:51 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\acccore
[2012/01/26 19:27:07 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/01/19 21:07:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/19 21:07:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/19 21:07:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/19 21:06:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/19 21:05:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/19 21:04:37 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/01/19 21:04:13 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes
[2012/01/19 21:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/19 21:01:25 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/19 20:54:59 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dennis\Desktop\mb.exe.exe
[2012/01/19 20:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/01/19 20:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012/01/19 20:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2012/01/19 10:05:52 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Norton Utilities 14
[2012/01/15 01:50:38 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2012/01/15 01:43:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\Frost Music
[2012/01/15 01:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire 5
[2012/01/15 01:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/01/15 01:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/01/13 10:52:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/01/13 10:50:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/01/06 00:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
========== Files - Modified Within 30 Days ========== [2012/02/02 22:23:39 | 001,780,946 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\Cat.DB
[2012/02/02 22:20:15 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Dennis\Desktop\aswMBR.exe
[2012/02/02 22:19:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2012/02/02 21:58:09 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3732195205-302563538-770068462-1001UA.job
[2012/02/02 21:57:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/02 13:57:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3732195205-302563538-770068462-1001Core.job
[2012/02/02 09:55:24 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 09:55:24 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 09:48:04 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/02/02 09:47:53 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/01 14:48:48 | 000,755,654 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/01 14:48:48 | 000,632,764 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/01 14:48:48 | 000,110,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/01 14:47:48 | 000,002,111 | ---- | M] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk
[2012/02/01 14:24:44 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/02/01 14:23:56 | 000,002,230 | ---- | M] () -- C:\Users\Public\Desktop\Barbarian Invasion.lnk
[2012/02/01 14:12:24 | 000,002,207 | ---- | M] () -- C:\Users\Public\Desktop\Rome - Total War.lnk
[2012/02/01 13:57:13 | 000,000,996 | ---- | M] () -- C:\Users\Dennis\Desktop\GameSpy Arcade.lnk
[2012/01/31 19:54:03 | 000,513,320 | ---- | M] () -- C:\Users\Dennis\Desktop\erunt.zip
[2012/01/29 23:24:00 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/26 19:27:14 | 000,002,279 | ---- | M] () -- C:\Users\Dennis\Desktop\Google Chrome.lnk
[2012/01/25 21:06:18 | 000,001,243 | ---- | M] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.2.11.lnk
[2012/01/25 21:06:18 | 000,001,219 | ---- | M] () -- C:\Users\Dennis\Desktop\FrostWire 5.2.11.lnk
[2012/01/25 13:58:30 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/24 21:01:49 | 000,000,024 | ---- | M] () -- C:\Users\Dennis\random.dat
[2012/01/24 20:59:14 | 000,000,032 | ---- | M] () -- C:\Users\Dennis\jagex_cl_runescape_LIVE.dat
[2012/01/22 00:15:20 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/19 20:39:26 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dennis\Desktop\mb.exe.exe
[2012/01/19 10:28:35 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/14 11:39:18 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/13 11:18:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA(50).DAT
[2012/01/09 08:48:54 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/01/07 13:21:17 | 003,228,348 | ---- | M] () -- C:\Users\Dennis\Desktop\Sinatra The Way You Look Tonite.mp3
[2012/01/06 15:59:31 | 003,482,885 | ---- | M] () -- C:\Users\Dennis\Desktop\ABBA - Dancing Queen Lyrics _.mp3
========== Files Created - No Company Name ========== [2012/02/01 14:48:45 | 000,755,654 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/01 14:47:47 | 000,002,111 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk
[2012/02/01 14:23:56 | 000,002,230 | ---- | C] () -- C:\Users\Public\Desktop\Barbarian Invasion.lnk
[2012/02/01 14:12:23 | 000,002,207 | ---- | C] () -- C:\Users\Public\Desktop\Rome - Total War.lnk
[2012/02/01 13:57:13 | 000,000,996 | ---- | C] () -- C:\Users\Dennis\Desktop\GameSpy Arcade.lnk
[2012/01/31 19:54:02 | 000,513,320 | ---- | C] () -- C:\Users\Dennis\Desktop\erunt.zip
[2012/01/29 23:24:00 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/26 19:27:13 | 000,002,279 | ---- | C] () -- C:\Users\Dennis\Desktop\Google Chrome.lnk
[2012/01/26 19:26:29 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3732195205-302563538-770068462-1001UA.job
[2012/01/26 19:26:28 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3732195205-302563538-770068462-1001Core.job
[2012/01/25 21:06:18 | 000,001,243 | ---- | C] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.2.11.lnk
[2012/01/25 21:06:17 | 000,001,219 | ---- | C] () -- C:\Users\Dennis\Desktop\FrostWire 5.2.11.lnk
[2012/01/22 00:15:19 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/22 00:15:15 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/19 21:07:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 21:07:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 21:07:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 21:07:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 21:07:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/07 13:21:05 | 003,228,348 | ---- | C] () -- C:\Users\Dennis\Desktop\Sinatra The Way You Look Tonite.mp3
[2012/01/06 15:59:25 | 003,482,885 | ---- | C] () -- C:\Users\Dennis\Desktop\ABBA - Dancing Queen Lyrics _.mp3
[2011/12/22 14:06:56 | 000,000,946 | -HS- | C] () -- C:\Users\Dennis\AppData\Local\647286q5e181p725p270p6ddy7c3
[2011/12/22 14:06:56 | 000,000,946 | -HS- | C] () -- C:\ProgramData\647286q5e181p725p270p6ddy7c3
[2011/12/20 15:14:18 | 000,001,210 | -HS- | C] () -- C:\Users\Dennis\AppData\Local\gvfad8kl33og112yo720sr8t60p6l
[2011/12/20 15:14:18 | 000,001,210 | -HS- | C] () -- C:\ProgramData\gvfad8kl33og112yo720sr8t60p6l
[2011/12/14 23:15:07 | 000,001,090 | -HS- | C] () -- C:\Users\Dennis\AppData\Local\126502a2r002b012a847l1tla6l8
[2011/12/14 23:15:07 | 000,001,090 | -HS- | C] () -- C:\ProgramData\126502a2r002b012a847l1tla6l8
[2011/12/10 02:09:45 | 000,001,146 | -HS- | C] () -- C:\Users\Dennis\AppData\Local\225523j2w083y772x747w4lmh4u8
[2011/12/10 02:09:45 | 000,001,146 | -HS- | C] () -- C:\ProgramData\225523j2w083y772x747w4lmh4u8
[2011/08/24 19:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/08/15 15:59:21 | 000,164,351 | ---- | C] () -- C:\Windows\hpwins19.dat
[2011/08/15 15:59:21 | 000,000,253 | ---- | C] () -- C:\Windows\hpwmdl19.dat
[2011/07/29 02:24:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/28 12:56:25 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\LGErrorHandler.dll
[2011/07/22 11:08:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/22 10:50:36 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/22 10:39:49 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/06/27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2009/08/26 23:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2002/07/05 06:12:06 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\authdvd.dll
========== LOP Check ========== [2011/11/12 16:20:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\.minecraft
[2012/01/28 23:10:51 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\acccore
[2011/08/15 21:48:25 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DiskAid
[2011/12/26 01:47:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\GlarySoft
[2012/01/15 01:46:22 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\MP3Rocket
[2011/12/29 01:13:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\redsn0w
[2011/11/09 21:16:43 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Simply Super Software
[2011/11/09 15:08:42 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Tific
[2012/02/02 09:48:04 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
[2012/01/13 11:18:10 | 000,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA(50).DAT
[2009/07/13 21:08:49 | 000,023,460 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE >[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 22:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 05:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 22:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 22:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 22:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: SVCHOST.EXE >[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\system64\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/27 23:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{1E1CC265-5D87-4E4B-AFF2-1570C196FD1B}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{AFCFF9B1-25BC-4F42-AFC1-79A2FD8033C2}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 03 01 00 01 06 01 05 01 04 01 01 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 6
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
< hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/20 23:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/20 23:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/20 23:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/12/20 23:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/12/20 23:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/20 23:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/26 19:44:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/26 19:44:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/26 19:44:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/09/26 19:44:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/09/26 19:44:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/12/20 23:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/12/20 23:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/12/20 23:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/12/20 23:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/12/20 23:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/12/20 23:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\DENNIS\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\DENNIS\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\DENNIS\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\DENNIS\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/09/26 19:44:56 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/09/26 19:44:56 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/09/26 19:44:56 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/09/26 19:44:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/09/26 19:44:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
< C:\Windows\assembly\tmp\U\*.* /s > < %Temp%\smtmp\1\*.* > < %Temp%\smtmp\2\*.* > < %Temp%\smtmp\3\*.* > < %Temp%\smtmp\4\*.* > ========== Alternate Data Streams ========== @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D287FACF
< End of report >
EXTRASOTL Extras logfile created on: 2/2/2012 10:21:47 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dennis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.11 Gb Available Physical Memory | 77.68% Memory free
7.99 Gb Paging File | 6.32 Gb Available in Paging File | 79.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923.39 Gb Total Space | 852.92 Gb Free Space | 92.37% Space Free | Partition Type: NTFS
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java 6 Update 30 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java 7 Update 2 (64-bit)
"{26F8AE36-AC4D-A641-9BA5-8ED97E74CC51}" = ccc-utility64
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4A35302C-A6D3-DDE5-38BA-55E7BABA9670}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{C5823264-8DFC-6E63-9D69-A35B1A98B537}" = AMD Media Foundation Decoders
"{CDFFF800-E7AB-D678-4D8E-53B8D57AE925}" = AMD Fuel
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager
"{E11448F2-0B44-4239-B04E-D88FE743E929}" = HP Officejet J4500 Series
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17C515BE-9EA8-BB8C-28FB-13731C5FD301}" = AMD VISION Engine Control Center
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{266725C1-716F-43AC-BBFB-4201131ED656}" = EasySetPackage
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51D386C4-0227-46A9-AC45-61F0A50E7AFF}" = Rome - Total War
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5C785836-A576-444B-9DD0-74E878695A56}" = CCC Help English
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6EFDBA50-4ABE-4194-86F7-F3BD0A011F5B}_is1" = DealRunner 1.27
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E25E9970-864D-2AE6-70A2-51D9C6FEF480}" = Catalyst Control Center InstallProxy
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E8F817ED-7F1D-05A5-1374-C6D115BC9051}" = Catalyst Control Center Graphics Previews Common
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5FB599D-2C5C-4A5F-B8CD-9B7AAD13F80A}_is1" = Shop To Win
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"AC3 Decoder" = AC3 Decoder
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_7" = AIM 7
"DiskAid_is1" = DiskAid 4.64
"DivX Setup" = DivX Setup
"FrostWire 5" = FrostWire 5.2.11
"GameSpy Arcade" = GameSpy Arcade
"hon" = Heroes of Newerth
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NIS" = Norton Internet Security
"Norton Utilities_is1" = Norton Utilities
"Security Task Manager" = Security Task Manager 1.8d
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 1/21/2012 4:28:25 AM | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aim.exe, version: 7.5.11.9, time stamp:
0x4dc02233 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00033516 Faulting process id:
0xb48 Faulting application start time: 0x01ccd816a1e5d6f2 Faulting application path:
C:\Program Files (x86)\AIM\aim.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: e2d38372-4409-11e1-83cd-1c6f65d9b24e
Error - 1/21/2012 4:29:01 AM | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aim.exe, version: 7.5.11.9, time stamp:
0x4dc02233 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0008ae42 Faulting process id:
0xb48 Faulting application start time: 0x01ccd816a1e5d6f2 Faulting application path:
C:\Program Files (x86)\AIM\aim.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: f827ba67-4409-11e1-83cd-1c6f65d9b24e
Error - 1/21/2012 4:29:27 AM | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d762323 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000417 Fault offset: 0x0000000000331e10 Faulting process
id: 0x1210 Faulting application start time: 0x01ccd816c7cbe20c Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 075ba444-440a-11e1-83cd-1c6f65d9b24e
Error - 1/21/2012 4:29:42 AM | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d762323 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000417 Fault offset: 0x0000000000431e10 Faulting process
id: 0x1368 Faulting application start time: 0x01ccd816d2064bb8 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 103f47c8-440a-11e1-83cd-1c6f65d9b24e
Error - 1/21/2012 4:29:58 AM | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000417 Fault offset: 0x003be1fd Faulting process id:
0xbcc Faulting application start time: 0x01ccd816d7f75b05 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 19fb8885-440a-11e1-83cd-1c6f65d9b24e
Error - 1/21/2012 4:30:33 AM | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d762323 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000417 Fault offset: 0x00000000021b1e10 Faulting process
id: 0x1198 Faulting application start time: 0x01ccd816f12a998a Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 2efad90e-440a-11e1-83cd-1c6f65d9b24e
Error - 1/22/2012 4:09:10 AM | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aim.exe, version: 7.5.11.9, time stamp:
0x4dc02233 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00033516 Faulting process id:
0x79c Faulting application start time: 0x01ccd8dd1ccde1c2 Faulting application path:
C:\Program Files (x86)\AIM\aim.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 5c5da3f9-44d0-11e1-83cf-1c6f65d9b24e
Error - 1/22/2012 4:09:15 AM | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aim.exe, version: 7.5.11.9, time stamp:
0x4dc02233 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0008ae42 Faulting process id:
0x79c Faulting application start time: 0x01ccd8dd1ccde1c2 Faulting application path:
C:\Program Files (x86)\AIM\aim.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 5f88dc3a-44d0-11e1-83cf-1c6f65d9b24e
Error - 1/22/2012 5:41:24 AM | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aim.exe, version: 7.5.11.9, time stamp:
0x4dc02233 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00033516 Faulting process id:
0xa5c Faulting application start time: 0x01ccd8ea003d46e8 Faulting application path:
C:\Program Files (x86)\AIM\aim.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 3edc9e24-44dd-11e1-9d10-1c6f65d9b24e
Error - 1/22/2012 5:41:29 AM | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aim.exe, version: 7.5.11.9, time stamp:
0x4dc02233 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0008ae42 Faulting process id:
0xa5c Faulting application start time: 0x01ccd8ea003d46e8 Faulting application path:
C:\Program Files (x86)\AIM\aim.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 41ee1c7f-44dd-11e1-9d10-1c6f65d9b24e
[ System Events ]
Error - 2/2/2012 5:01:53 PM | Computer Name = Dennis-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 2/2/2012 5:02:05 PM | Computer Name = Dennis-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 2/2/2012 5:02:07 PM | Computer Name = Dennis-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 2/2/2012 5:02:10 PM | Computer Name = Dennis-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 2/2/2012 10:37:02 PM | Computer Name = Dennis-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 2/3/2012 1:57:41 AM | Computer Name = Dennis-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 2/3/2012 1:57:47 AM | Computer Name = Dennis-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 2/3/2012 1:57:54 AM | Computer Name = Dennis-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 2/3/2012 1:57:57 AM | Computer Name = Dennis-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 2/3/2012 1:58:00 AM | Computer Name = Dennis-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
< End of report >
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-02 22:30:21
-----------------------------
22:30:21.683 OS Version: Windows x64 6.1.7601 Service Pack 1
22:30:21.683 Number of processors: 4 586 0x403
22:30:21.683 ComputerName: DENNIS-PC UserName: Dennis
22:30:26.363 Initialize success
22:31:17.016 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-7
22:31:17.016 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
22:31:17.031 Disk 0 MBR read successfully
22:31:17.031 Disk 0 MBR scan
22:31:17.031 Disk 0 TDL4@MBR code has been found
22:31:17.031 Disk 0 Windows 7 default MBR code found via API
22:31:17.031 Disk 0 MBR hidden
22:31:17.047 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 8313 MB offset 2048
22:31:17.063 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 945554 MB offset 17027072
22:31:17.063 Disk 0 MBR [TDL4] **ROOTKIT**
22:31:17.063 Disk 0 trace - called modules:
22:31:17.063 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004a66254]<<ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:31:17.063 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a4a060]
22:31:17.063 3 CLASSPNP.SYS[fffff88001b5d43f] -> nt!IofCallDriver -> [0xfffffa8003ade520]
22:31:17.078 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-7[0xfffffa8003af1060]
22:31:17.078 \Driver\atapi[0xfffffa8003ac0060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004a66254
22:31:17.078 Scan finished successfully
22:31:56.655 Disk 0 MBR has been saved successfully to "C:\Users\Dennis\Desktop\MBR.dat"
22:31:56.655 The log file has been saved successfully to "C:\Users\Dennis\Desktop\aswMBR.txt"