
my hotmail account is sending spam email



#1
emarkunger

Hello,
My hotmail account has been used to send spam to my contact list twice in the last two days. I checked the event log on the computer that sent the spam email - my computer - and I found an anonymous login from my son's computer at the time the spam was sent. I am including the OTC log from my son's computer and my computer. Thanks in advance for any help with this. I have run Malwarebytes on both computers with nothing shown as an issue. They are both running MS Security Essentials. I noticed an entry in the firewall exceptions list on my son's computer, which is XP - it was for C:\WINDOWS\explorer.exe - and I am unable to edit or delete it - it's greyed out. My computer is Vista, my son's is XP.

My son's computer OTL.Txt:
OTL logfile created on: 5/26/2012 3:39:13 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Naruemon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.13% Memory free
2.59 Gb Paging File | 1.72 Gb Available in Paging File | 66.33% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.08 Gb Total Space | 2.09 Gb Free Space | 1.43% Space Free | Partition Type: NTFS

Computer Name: MOM | User Name: Naruemon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/26 15:30:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Naruemon\Desktop\OTL.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/03 16:32:20 | 001,252,808 | ---- | M] (INCA Internet Co.,Ltd.) -- C:\WINDOWS\SYSTEM32\INCAInternet\nProtect GameGuard Personal 3.0\nspupsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/20 16:05:58 | 000,019,272 | ---- | M] (Smartbar) -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.exe
PRC - [2012/02/27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/01/26 16:06:29 | 002,659,192 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
PRC - [2012/01/22 17:39:49 | 000,124,832 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2011/10/19 22:50:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/13 16:53:42 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/06 11:08:10 | 000,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/06/13 18:01:06 | 000,061,440 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/09 03:27:02 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3e11aea7d742b5eddbd0b6bd1012f7df\System.Web.Services.ni.dll
MOD - [2012/05/09 03:26:03 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/09 03:22:36 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 03:22:25 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
MOD - [2012/05/09 03:21:55 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
MOD - [2012/05/09 03:19:06 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 03:18:42 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/03/27 19:06:34 | 003,417,376 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_6c825ce.dll
MOD - [2012/03/20 16:06:46 | 000,015,688 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2012/03/20 16:06:42 | 000,018,760 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2012/03/20 16:06:38 | 000,012,616 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2012/03/20 16:06:34 | 000,067,400 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2012/03/20 16:06:32 | 000,331,080 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Resources.FilesManager.dll
MOD - [2012/03/20 16:06:30 | 000,034,120 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2012/03/20 16:06:26 | 000,077,640 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2012/03/20 16:06:26 | 000,015,176 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2012/03/20 16:06:18 | 000,017,736 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2012/03/20 16:06:16 | 000,053,064 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2012/03/20 16:06:10 | 000,011,080 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2012/03/20 16:06:08 | 000,026,952 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2012/03/20 16:06:08 | 000,011,592 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2012/03/20 16:06:02 | 001,105,736 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2012/03/20 16:06:02 | 000,080,200 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2012/03/20 16:06:00 | 000,541,512 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2011/11/07 11:18:26 | 008,499,712 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\QtGui4.dll
MOD - [2011/11/07 11:18:24 | 002,347,520 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\QtCore4.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\SYSTEM32\quartz.dll
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\SYSTEM32\devenum.dll
MOD - [2002/07/04 10:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/03 16:32:20 | 001,252,808 | ---- | M] (INCA Internet Co.,Ltd.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INCAInternet\nProtect GameGuard Personal 3.0\nspupsvc.exe -- (NSPUpdateService)
SRV - [2012/03/31 16:32:10 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/27 19:06:34 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/22 17:39:49 | 000,124,832 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2012/01/14 23:18:22 | 000,581,248 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\INCAInternet\nProtect GameGuard Personal 3.0\nspsvc.exe -- (NSPService)
SRV - [2011/10/19 22:50:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/04 19:34:00 | 003,433,232 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\GameMon.des -- (npggsvc)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva387.sys -- (XDva387)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva383.sys -- (XDva383)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva382.sys -- (XDva382)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva370.sys -- (XDva370)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva344.sys -- (XDva344)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva337.sys -- (XDva337)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva281.sys -- (XDva281)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva273.sys -- (XDva273)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva248.sys -- (XDva248)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva238.sys -- (XDva238)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\cdrom.sys -- (Cdrom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2012/01/14 22:24:20 | 000,108,480 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\TKCtrl2k.sys -- (TKCtrl)
DRV - [2011/10/23 19:04:48 | 000,497,632 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EagleXNt.sys -- (EagleXNt)
DRV - [2011/10/19 22:50:26 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/19 22:50:26 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/09/29 14:07:56 | 000,141,632 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\TKFsAv.sys -- (TKFsAvM)
DRV - [2011/09/29 14:07:56 | 000,028,480 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\TKPcFtHk.sys -- (TKPcFt)
DRV - [2011/06/15 12:20:32 | 000,108,736 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\npfw.sys -- (NPFW)
DRV - [2011/03/28 11:55:58 | 000,086,368 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\npids.sys -- (NPIDS)
DRV - [2011/03/28 11:55:58 | 000,082,496 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\npfwflt.sys -- (NPFWFLT)
DRV - [2011/03/28 11:55:58 | 000,018,496 | ---- | M] (INCA Internet Co., Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\TKFsFt.sys -- (TkFsFtM)
DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctDS.sys -- (pctDS)
DRV - [2005/02/24 17:41:40 | 000,273,408 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZD1211U.sys -- (ZD1211U(Hawking Technologies)) Hawking Technologies HWU54D Hi-Gain Wireless-G USB Adapter(Hawking Technologies)
DRV - [2005/02/24 17:41:40 | 000,273,408 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZD1211U.sys -- (WLAN(WLAN)) 802.11b+g USB Wireless LAN Adapter Driver(WLAN)
DRV - [2005/01/04 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/01/14 12:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ZDPNDIS5.sys -- (ZDPNDIS5)
DRV - [2003/09/19 16:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2002/12/13 04:06:40 | 000,129,875 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.plusnetwo...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.plusnetwo...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.plusnetwo...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.plusnetwo...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.plusnetwo...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.plusnetwo...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{76271242-43FE-48EB-B375-097D9C3FC55C}: "URL" = http://www.google.co...ie7&rlz=1I7GGLG
IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/...039&form=ZGAIDF
IE - HKCU\..\SearchScopes\{C3E7C74A-A43F-4BC0-84E5-0ADFFA7DA9EB}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-nick
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\WINDOWS\proxy.pac

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.plusnetwo...ork.com/?sp=hp"
FF - prefs.js..browser.search.selectedEngine: "Messenger Plus Smartbar Search"
FF - prefs.js..keyword.URL: "http://www.plusnetwo...m/?sp=faddr&q="

FF - user.js..browser.startup.homepage: "http://search.condui...ctid=CT1940427"
FF - user.js..network.proxy.backup.ftp: ""
FF - user.js..network.proxy.backup.ftp_port: 0
FF - user.js..network.proxy.backup.gopher: ""
FF - user.js..network.proxy.backup.gopher_port: 0
FF - user.js..network.proxy.backup.socks: ""
FF - user.js..network.proxy.backup.socks_port: 0
FF - user.js..network.proxy.backup.ssl: ""
FF - user.js..network.proxy.backup.ssl_port: 0
FF - user.js..network.proxy.ftp: "127.0.0.1"
FF - user.js..network.proxy.ftp_port: 8080
FF - user.js..network.proxy.gopher: "127.0.0.1"
FF - user.js..network.proxy.gopher_port: 8080
FF - user.js..network.proxy.http: "127.0.0.1"
FF - user.js..network.proxy.http_port: 8080
FF - user.js..network.proxy.share_proxy_settings: true
FF - user.js..network.proxy.socks: "127.0.0.1"
FF - user.js..network.proxy.socks_port: 8080
FF - user.js..network.proxy.ssl: "127.0.0.1"
FF - user.js..network.proxy.ssl_port: 8080
FF - user.js..network.proxy.type: 2
FF - user.js..network.proxy.autoconfig_url: "file:///C:\WINDOWS\proxy.pac"

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/13 20:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008/12/03 21:27:56 | 000,000,000 | ---D | M]

[2009/06/25 02:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Extensions
[2009/06/25 02:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Extensions\[email protected]
[2012/05/26 15:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\extensions
[2012/05/26 15:40:10 | 000,000,000 | ---D | M] ("Messenger Plus! Community Smartbar") -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\extensions\[email protected]
[2012/05/26 15:40:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\extensions\staged
[2012/02/14 17:25:50 | 000,002,244 | ---- | M] () -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\searchplugins\Messenger Plus Smartbar Search.xml
[2011/12/30 19:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 03:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/04/17 14:36:51 | 000,433,788 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14934 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Dictionary.com) - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Media Connect 2] C:\Program Files\Windows Media Connect 2\WMCCFG.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Naruemon\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.exe (Smartbar)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [GateWay] C:\Documents and Settings\Naruemon\GateWayMain.exe File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.6; SearchToolbar 1.2; (R1 1.5); .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 2.0.50727)" -"http://www.vixine.co...swap_game.html" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\802.11b+g USB Wireless LAN Utility.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hawking HWU54D Utility.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Search &Dictionary - C:\Program Files\Lexico\Toolbar\dictionary.htm ()
O8 - Extra context menu item: Search &Thesaurus - C:\Program Files\Lexico\Toolbar\thesaurus.htm ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Naruemon\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: linkworkspace.com ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://www.linkwork...AWEB/icaweb.cab (Citrix ICA Client)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.micr...20/pmupd806.exe (MSN Money Charting)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1208126236109 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} http://www.parallelg...in/cortvrml.cab (ParallelGraphics Cortona Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.c...ch_USAv1004.cab (MGLaunch_v1004 Class)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} http://www.yoyogames...ctivex/YoYo.cab (YYGInstantPlay Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers...eminfo/MSC3.cab (Futuremark Measurement Services Client)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} http://dictionary.re...lbar/lexico.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D7BC391-8E7B-4233-B94F-3D49E9709F16}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53B82366-2926-40FA-AFC4-8BDD633EE722}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE928E25-F8F3-446E-9932-6FC1208E18E9}: NameServer = 167.206.251.16,167.206.251.80,167.206.251.15
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Naruemon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Naruemon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/26 15:30:34 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Naruemon\Desktop\OTL.exe
[2012/05/26 15:29:55 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2012/05/19 01:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ubisoft
[2012/05/09 21:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Naruemon\My Documents\Oddworld
[2012/05/06 22:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Naruemon\My Documents\Drakensang
[2012/05/05 23:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Naruemon\My Documents\gothic3
[2012/05/05 22:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dreamcatcher
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Naruemon\My Documents\*.tmp files -> C:\Documents and Settings\Naruemon\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/26 15:56:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/26 15:42:36 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/26 15:36:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/05/26 15:33:06 | 000,196,793 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/26 15:32:51 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2292039778-2617604353-2424026137-1006.job
[2012/05/26 15:32:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/26 15:32:37 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/05/26 15:32:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/05/26 15:31:02 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2012/05/26 15:30:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Naruemon\Desktop\OTL.exe
[2012/05/26 15:29:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2012/05/26 14:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/26 13:43:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/05/25 21:35:29 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Bakemonogatari Episode 3 Online - AnimeDreaming.url
[2012/05/21 19:18:01 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2292039778-2617604353-2424026137-1006.job
[2012/05/19 01:08:22 | 000,002,218 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Prince of Persia The Sands of Time.lnk
[2012/05/19 00:53:24 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\- Artist - Softmode.url
[2012/05/19 00:28:03 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GameFly.lnk
[2012/05/18 17:47:57 | 000,000,516 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\4koma cat comic english hard translated katawa shoujo monochrome mouth hold nakai hisao pimmy tezuka rin translated Sankaku Channel.url
[2012/05/18 17:39:38 | 000,000,540 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\comic drill hair english katawa shoujo mikado shiina satou lilly Sankaku Channel.url
[2012/05/18 17:34:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/17 00:06:08 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Sora no Otoshimono Forte Episode 5 Online - AnimeDreaming.url
[2012/05/15 19:21:30 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/09 03:49:37 | 003,629,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 03:17:53 | 000,494,750 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/05/09 03:17:53 | 000,091,962 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/05/09 03:12:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/05 22:41:44 | 000,001,998 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Gothic III.lnk
[2012/05/02 22:01:01 | 000,000,269 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\Guild Wars 2 A Beautiful World - YouTube.url
[2012/05/02 21:55:24 | 000,000,401 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\Guild Wars 2 Lion's Arch Diving Board - YouTube.url
[2012/05/01 03:03:46 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Naruemon\My Documents\*.tmp files -> C:\Documents and Settings\Naruemon\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/26 15:31:03 | 000,001,799 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hawking HWU54D Utility.lnk.disabled
[2012/05/26 15:31:03 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\802.11b+g USB Wireless LAN Utility.lnk.disabled
[2012/05/26 15:31:03 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/05/26 15:31:03 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/05/26 15:31:03 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
[2012/05/26 15:31:02 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/05/25 21:35:29 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Bakemonogatari Episode 3 Online - AnimeDreaming.url
[2012/05/19 01:08:22 | 000,002,218 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Prince of Persia The Sands of Time.lnk
[2012/05/19 00:53:24 | 000,000,523 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\- Artist - Softmode.url
[2012/05/19 00:28:03 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\GameFly.lnk
[2012/05/19 00:28:03 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GameFly.lnk
[2012/05/18 17:47:57 | 000,000,516 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\4koma cat comic english hard translated katawa shoujo monochrome mouth hold nakai hisao pimmy tezuka rin translated Sankaku Channel.url
[2012/05/18 17:39:38 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\comic drill hair english katawa shoujo mikado shiina satou lilly Sankaku Channel.url
[2012/05/17 00:06:08 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Sora no Otoshimono Forte Episode 5 Online - AnimeDreaming.url
[2012/05/05 22:41:42 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Gothic III.lnk
[2012/05/02 22:01:01 | 000,000,269 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\Guild Wars 2 A Beautiful World - YouTube.url
[2012/05/02 21:55:24 | 000,000,401 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\Guild Wars 2 Lion's Arch Diving Board - YouTube.url
[2012/05/01 03:13:36 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/01 03:03:40 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/04 23:23:42 | 000,000,534 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2012/02/15 04:19:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/19 02:21:35 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\sn3win.dll
[2011/09/13 20:04:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/25 18:46:49 | 000,141,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/05/25 18:46:49 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Naruemon\Application Data\PnkBstrK.sys
[2011/05/25 18:46:47 | 000,281,656 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/05/25 18:46:32 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/05/15 14:33:45 | 000,015,324 | -HS- | C] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/05/15 14:33:45 | 000,015,324 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/04/17 14:24:08 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/04/16 22:58:52 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\bgfs.sys
[2011/03/21 20:19:51 | 000,015,036 | -HS- | C] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
[2011/03/21 20:19:51 | 000,015,036 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
[2010/07/03 20:19:12 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat

========== LOP Check ==========

[2005/04/14 20:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2008/11/15 00:40:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/28 12:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dI06504CgHeD06504
[2010/05/30 10:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2008/03/16 19:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2008/03/13 19:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2012/02/14 17:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2012/05/26 15:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus! for Skype
[2010/08/23 19:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/04/25 19:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/07/16 18:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/02/08 18:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/05/24 13:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/11/28 19:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2005/12/24 12:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2008/03/14 20:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2007/12/04 22:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/05/26 15:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/03 22:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2012/01/28 13:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\.minecraft
[2011/10/19 22:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\46A744AFDD6CDC4B6C37CAD56B339F2A
[2012/01/31 13:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Asofys
[2011/01/08 20:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Audacity
[2009/07/06 18:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\BoneTown Demo
[2011/04/26 19:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\BugTrap Console Test108
[2012/02/15 21:46:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Naruemon\Application Data\C12C590F
[2011/11/28 18:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/03 20:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Dragona
[2008/03/16 19:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\FloodLightGames
[2008/07/12 00:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\FLV Extract
[2006/02/11 11:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\funkitron
[2008/03/19 21:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Gaijin Ent
[2012/04/03 21:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\GameFly
[2011/10/27 22:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\GetRightToGo
[2009/10/08 19:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\GSC 2.00
[2008/10/29 22:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\ICAClient
[2005/12/20 21:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Leadertech
[2006/02/12 17:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Magic Match
[2007/05/07 20:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Musicmatch
[2005/12/14 21:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Panasonic
[2008/07/16 18:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\PlayFirst
[2008/07/07 15:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Playrix Entertainment
[2011/04/12 15:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\PriceGong
[2012/05/18 17:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\RenPy
[2005/12/24 12:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\River Past G4
[2010/06/28 15:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\SPORE
[2008/09/06 22:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\SPORE Creature Creator
[2011/06/23 20:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Stu Bedore
[2012/02/05 03:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Syispe
[2005/11/28 18:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\The Labyrinth Plus! Edition
[2008/03/29 18:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Total Eclipse
[2005/11/26 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Wildfire
[2010/01/18 10:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Windows Desktop Search
[2010/01/18 10:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Windows Search
[2012/05/26 15:32:37 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2012/05/26 13:43:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/12/19 19:41:48 | 000,000,404 | ---- | M] ()(C:\Documents and Settings\Naruemon\Desktop\?????/Namine Ritsu] Bad Apple!!?UTAU???? - YouTube.url) -- C:\Documents and Settings\Naruemon\Desktop\【波音リツ/Namine Ritsu] Bad Apple!!【UTAUカバー】 - YouTube.url
[2011/11/23 14:50:02 | 000,000,404 | ---- | C] ()(C:\Documents and Settings\Naruemon\Desktop\?????/Namine Ritsu] Bad Apple!!?UTAU???? - YouTube.url) -- C:\Documents and Settings\Naruemon\Desktop\【波音リツ/Namine Ritsu] Bad Apple!!【UTAUカバー】 - YouTube.url
[2010/08/23 19:06:47 | 000,000,000 | ---D | M](C:\Documents and Settings\Naruemon\My Documents\?? ???) -- C:\Documents and Settings\Naruemon\My Documents\넥슨 플러그
[2010/08/23 19:06:47 | 000,000,000 | ---D | C](C:\Documents and Settings\Naruemon\My Documents\?? ???) -- C:\Documents and Settings\Naruemon\My Documents\넥슨 플러그
[2007/04/03 02:14:58 | 000,026,112 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\กราบนมัสการ ท่านพระอาจารย์มหากริชกาย.doc
[2007/04/03 02:14:58 | 000,026,112 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\กราบนมัสการ ท่านพระอาจารย์มหากริชกาย.doc
[2006/12/29 23:29:44 | 000,036,352 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????? ??.doc) -- C:\Documents and Settings\Naruemon\My Documents\กรรมฐาน ๔๐.doc
[2006/12/14 11:51:09 | 000,026,191 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\Re_ ????????.eml) -- C:\Documents and Settings\Naruemon\My Documents\Re_ ลูกสำรอง.eml
[2006/12/14 11:51:09 | 000,026,191 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\Re_ ????????.eml) -- C:\Documents and Settings\Naruemon\My Documents\Re_ ลูกสำรอง.eml
[2006/12/14 11:46:38 | 000,024,013 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????.eml) -- C:\Documents and Settings\Naruemon\My Documents\ลูกสำรอง.eml
[2006/12/14 11:41:54 | 000,024,013 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????.eml) -- C:\Documents and Settings\Naruemon\My Documents\ลูกสำรอง.eml
[2006/12/02 02:00:46 | 000,025,088 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ?????????????????????????????????????????????????????????????????????????????????????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อ่อมไก่บ้าน เครื่องปรุงเนื้อไก่ตับไก่มะระกอสับผักชีลาวใบมะกรูดพริกขี้หนูเม็ดใหญ่กระเทียมผงรสดีใบแมงลักวิธีทำผัดเครื่องแกง.doc
[2006/12/02 02:00:46 | 000,025,088 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ?????????????????????????????????????????????????????????????????????????????????????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อ่อมไก่บ้าน เครื่องปรุงเนื้อไก่ตับไก่มะระกอสับผักชีลาวใบมะกรูดพริกขี้หนูเม็ดใหญ่กระเทียมผงรสดีใบแมงลักวิธีทำผัดเครื่องแกง.doc
[2006/11/22 12:50:01 | 000,027,648 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ก๋วยเตี๋ยวราดหน้าหมูสับ.doc
[2006/11/22 12:36:09 | 000,027,648 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ก๋วยเตี๋ยวราดหน้าหมูสับ.doc
[2006/11/10 00:59:04 | 000,025,600 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\สามเณระปัญหะปาโฐ.doc
[2006/11/10 00:59:04 | 000,025,600 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\สามเณระปัญหะปาโฐ.doc
[2006/10/19 01:25:52 | 000,054,784 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????? ??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\พระคาถา พระอาการะวัตตาสูตร.doc
[2006/10/13 00:00:32 | 000,022,016 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????? ????????????????????????????? ?????????????????????????? .doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก คิดนึกรักมักนึกโกรธเห็นโทษไหม คิดนึกชังฝังอุราเป็นเช่นไร .doc
[2006/10/13 00:00:32 | 000,022,016 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????? ????????????????????????????? ?????????????????????????? .doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก คิดนึกรักมักนึกโกรธเห็นโทษไหม คิดนึกชังฝังอุราเป็นเช่นไร .doc
[2006/10/12 23:37:10 | 000,025,088 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????? ????????????????????????????? ?????????????????????????? ??.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก คิดนึกรักมักนึกโกรธเห็นโทษไหม คิดนึกชังฝังอุราเป็นเช่นไร คิ.doc
[2006/10/12 23:37:10 | 000,025,088 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????? ????????????????????????????? ?????????????????????????? ??.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก คิดนึกรักมักนึกโกรธเห็นโทษไหม คิดนึกชังฝังอุราเป็นเช่นไร คิ.doc
[2006/10/08 23:45:02 | 000,054,784 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????? ??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\พระคาถา พระอาการะวัตตาสูตร.doc
[2006/10/08 22:00:44 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????1.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จั1.doc
[2006/10/08 21:59:26 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????1.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จั1.doc
[2006/10/07 09:45:01 | 000,019,968 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก.doc
[2006/10/07 09:37:39 | 000,019,968 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก.doc
[2006/10/06 01:23:50 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ???????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดีมีให้ทำ นำชีวิต.doc
[2006/10/06 01:23:50 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ???????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดีมีให้ทำ นำชีวิต.doc
[2006/10/02 23:51:34 | 000,026,112 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????? ??????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดี มีให้ทำนำชีวิต.doc
[2006/10/01 02:35:10 | 000,027,136 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อะนัตตะลักขะนะสูตร.doc
[2006/10/01 02:35:10 | 000,027,136 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อะนัตตะลักขะนะสูตร.doc
[2006/09/28 17:44:27 | 000,025,088 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดีมีให้ทำนำชีวิต.doc
[2006/09/28 17:34:57 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\เมื่อเขาโกรธแล้วต่อว่าด่าเสียดสี.doc
[2006/09/28 17:34:57 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Naruemon\My Documents\~$??????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\~$ื่อเขาโกรธแล้วต่อว่าด่าเสียดสี.doc
[2006/09/28 17:34:57 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Naruemon\My Documents\~$??????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\~$ื่อเขาโกรธแล้วต่อว่าด่าเสียดสี.doc
[2006/09/28 17:34:56 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\เมื่อเขาโกรธแล้วต่อว่าด่าเสียดสี.doc
[2006/09/28 17:07:01 | 000,025,088 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดีมีให้ทำนำชีวิต.doc
[2006/09/27 17:51:55 | 000,026,112 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????? ??????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดี มีให้ทำนำชีวิต.doc
[2006/07/19 02:02:24 | 000,036,352 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????? ??.doc) -- C:\Documents and Settings\Naruemon\My Documents\กรรมฐาน ๔๐.doc
[2006/06/04 21:59:22 | 000,027,648 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ปัจจยวิภังควาโร.doc
[2006/06/04 21:59:21 | 000,027,648 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ปัจจยวิภังควาโร.doc
[2006/05/31 12:18:50 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะมังคะละคาถา.doc
[2006/05/31 12:06:10 | 000,037,888 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ?????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะมังคะละคาถา นโมเม.doc
[2006/05/31 12:06:09 | 000,037,888 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ?????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะมังคะละคาถา นโมเม.doc
[2006/05/31 09:33:36 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Naruemon\My Documents\~$??????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\~$ยยะมังคะละคาถา.doc
[2006/05/31 09:33:36 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Naruemon\My Documents\~$??????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\~$ยยะมังคะละคาถา.doc
[2006/05/30 15:27:09 | 000,027,648 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\?????????? ??????? ?? ???????? ?? ????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะทัมโม จะสังโฆ จะ ทะสะปาโร จะ ชัยยะกัง.doc
[2006/05/30 15:25:11 | 000,025,600 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ??????? ?????????? ?????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ปะทักขิณานิ กัตวานะ ละภันตัตเถ ปะทักขิเณ.doc
[2006/05/28 02:23:41 | 000,025,600 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ??????? ?????????? ?????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ปะทักขิณานิ กัตวานะ ละภันตัตเถ ปะทักขิเณ.doc
[2006/05/28 01:58:45 | 000,027,648 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\?????????? ??????? ?? ???????? ?? ????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะทัมโม จะสังโฆ จะ ทะสะปาโร จะ ชัยยะกัง.doc
[2006/05/28 00:17:08 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะมังคะละคาถา.doc
[2005/09/13 21:28:03 | 000,021,504 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????? ??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ไม่อยากได้อะไร เพราะไม่ใช่คนขี้ขอ.doc
[2005/09/13 21:28:02 | 000,021,504 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????? ??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ไม่อยากได้อะไร เพราะไม่ใช่คนขี้ขอ.doc
[2005/09/08 00:18:59 | 000,020,480 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ?? ?????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อานิสงค์ของเมตตา ๑๑ อย่าง.doc
[2005/09/08 00:18:59 | 000,020,480 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ?? ?????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อานิสงค์ของเมตตา ๑๑ อย่าง.doc
[2005/09/07 23:55:45 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????? ?????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ทำอย่างไร จะหายโกรธ.doc
[2005/09/07 23:55:45 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????? ?????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ทำอย่างไร จะหายโกรธ.doc

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB19013$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B12FF3F2
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F69BB936
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B520784
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA7FE636
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D4624A4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73C25840
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8985F330
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D63538E3
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D762B9DF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41EF5EA2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF5EAC0C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52562F72
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B4742F4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9371B810
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B5B501E5
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D37AE80B
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C321309
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E35A81F4
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADF211B1

< End of report >

My son's Extras.Txt:
OTL Extras logfile created on: 5/26/2012 3:39:13 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Naruemon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.13% Memory free
2.59 Gb Paging File | 1.72 Gb Available in Paging File | 66.33% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.08 Gb Total Space | 2.09 Gb Free Space | 1.43% Space Free | Partition Type: NTFS

Computer Name: MOM | User Name: Naruemon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57080:TCP" = 57080:TCP:*:Enabled:Pando Media Booster
"57080:UDP" = 57080:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"57080:TCP" = 57080:TCP:*:Enabled:Pando Media Booster
"57080:UDP" = 57080:UDP:*:Enabled:Pando Media Booster
"1067:TCP" = 1067:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\SonicProxy\sonic.exe" = C:\Program Files\SonicProxy\sonic.exe:*:Disabled:sonic
"C:\Documents and Settings\Naruemon\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Naruemon\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client -- (Akamai Technologies, Inc)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{2eeef4d9-e5f4-4fb8-b67f-fe3e9ebb2efb}.sdb" = Kabod
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{581CE7EA-A30D-0000-1211-088635773309}" = 802.11b+g USB Wireless LAN Adapter
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = PlayNC Launcher
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901D1286-529B-48A9-8DDD-4A60CF9E9BF1}" = H&R Block Tax Offer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A183C1-E79D-44CB-A7FF-F63640B4246C}" = GameFly
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D197A87-44B6-47D0-8A0D-B421208C9A26}" = nProtect GameGuard Personal 3.0
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3B4BDAA-7B03-43B1-804C-54B451EF9668}" = nProtect Security Platform
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FCDB5675-78BF-4052-9E52-C4E9CB50181B}" = Messenger Plus! Community Smartbar
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Akamai" = Akamai NetSession Interface
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Chicken Invaders 2 Christmas Edition demo_is1" = Chicken Invaders 2 Christmas Edition demo v2.60
"Chicken Invaders 2 demo_is1" = Chicken Invaders 2 demo v2.60
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Download Manager" = Download Manager 2.3.7
"EA Download Manager" = EA Download Manager
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Game Maker 7.0" = Game Maker 7.0
"Game Maker 8.0" = Game Maker 8.0
"GameFly" = GameFly
"Gothic III" = Gothic III
"Grand Chase" = Grand Chase
"GSC 2.00" = GSC 2.00
"Guild Wars" = Guild Wars
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IGZones_is1" = IGZ Lobby System
"Insaniquarium Deluxe" = Insaniquarium Deluxe
"Katawa Shoujo" = Katawa Shoujo
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mavis Beacon Teaches Typing Deluxe 16" = Mavis Beacon Teaches Typing Deluxe 16
"McAfee Security Scan" = McAfee Security Scan Plus
"Measurement Services Client" = Futuremark Measurement Services Client
"Messenger Plus!" = Messenger Plus! 5
"Messenger Plus! for Skype" = Messenger Plus! for Skype
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Security Client" = Microsoft Security Essentials
"MKV Player_is1" = MKV Player 2.0.1
"Money2006a" = MSN Money Investment Toolbox
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MPEG-4 Booster Pack" = River Past MPEG-4 Booster Pack
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"MyWaySearchAssistantDE" = My Way Search Assistant
"Neffy" = Neffy 1,3,29,0
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Peggle Nights Deluxe1.023" = Peggle Nights Deluxe
"PhotoStitch" = Canon Utilities PhotoStitch
"Prince of Persia The Sands of Time" = Prince of Persia The Sands of Time
"PROSet" = Intel® PRO Network Connections Drivers
"PunkBusterSvc" = PunkBuster Services
"Puzzle Quest - Challenge of the Warlords" = Puzzle Quest - Challenge of the Warlords
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Spyware Doctor" = Spyware Doctor 8.0
"SystemRequirementsLab" = System Requirements Lab
"Thai Typing Tutor" = Thai Typing Tutor
"Video Cleaner Pro" = River Past Video Cleaner Pro
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! Messenger" = Yahoo! Messenger
"ZEN (MTP) Media Explorer" = ZEN Media Explorer
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"Zuma's Revenge!1.0" = Zuma's Revenge!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/6/2012 4:52:30 PM | Computer Name = MOM | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8402.0, P3 timeout, P4 1.1.8001.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 2/6/2012 4:53:07 PM | Computer Name = MOM | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8402.0, P3 timeout, P4 1.1.8001.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 2/6/2012 4:53:19 PM | Computer Name = MOM | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8402.0, P3 passthrough, P4 1.1.8001.0, P5 fixed, P6 2 _ 2048, P7 5 _ not
boot, P8 NIL, P9 NIL, P10 NIL.

Error - 2/7/2012 9:17:46 PM | Computer Name = MOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/7/2012 9:17:48 PM | Computer Name = MOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/8/2012 6:09:36 PM | Computer Name = MOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/9/2012 8:55:42 PM | Computer Name = MOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/10/2012 5:26:12 PM | Computer Name = MOM | Source = Application Hang | ID = 1002
Description = Hanging application dragonsaga.exe, version 0.11.32.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/10/2012 5:46:07 PM | Computer Name = MOM | Source = Application Hang | ID = 1002
Description = Hanging application dragonsaga.exe, version 0.11.32.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/10/2012 10:32:14 PM | Computer Name = MOM | Source = Application Hang | ID = 1002
Description = Hanging application dragonsaga.exe, version 0.11.32.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/26/2012 3:02:59 PM | Computer Name = MOM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Microsoft Automated Troubleshooting
Service service to connect.

Error - 5/26/2012 3:03:00 PM | Computer Name = MOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service MatSvc with
arguments "" in order to run the server: {109DB0ED-7C89-416B-AC66-6D0323941464}

Error - 5/26/2012 3:03:04 PM | Computer Name = MOM | Source = Service Control Manager | ID = 7000
Description = The Microsoft Automated Troubleshooting Service service failed to
start due to the following error: %%1053

Error - 5/26/2012 3:04:47 PM | Computer Name = MOM | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 5/26/2012 3:05:04 PM | Computer Name = MOM | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 5/26/2012 3:12:00 PM | Computer Name = MOM | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 5/26/2012 3:12:55 PM | Computer Name = MOM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi

Error - 5/26/2012 3:15:14 PM | Computer Name = MOM | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/26/2012 3:34:09 PM | Computer Name = MOM | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 5/26/2012 3:35:06 PM | Computer Name = MOM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi


< End of report >

My computer's OTL.Txt:
OTL logfile created on: 5/26/2012 3:32:09 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\unger\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 49.47% Memory free
12.09 Gb Paging File | 8.25 Gb Available in Paging File | 68.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.11 Gb Total Space | 43.46 Gb Free Space | 7.48% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.41 Gb Free Space | 56.05% Space Free | Partition Type: NTFS
Drive E: | 159.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 10.71 Gb Total Space | 10.27 Gb Free Space | 95.86% Space Free | Partition Type: FAT32

Computer Name: MOJO | User Name: unger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/26 15:31:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\unger\Desktop\OTL.exe
PRC - [2012/05/10 08:02:04 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/14 07:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/06/22 11:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/06/22 11:15:44 | 002,637,824 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/06/05 14:05:33 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe
PRC - [2011/05/26 18:42:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/04/22 08:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/17 22:56:11 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/05 16:11:52 | 000,081,920 | R--- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe
PRC - [2010/09/13 09:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/07/04 19:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/03/11 00:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/03/11 00:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/03/11 00:10:32 | 001,918,320 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfica32.exe
PRC - [2009/10/30 07:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/04/09 01:10:53 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/14 07:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011/11/14 07:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011/11/14 07:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtGui4.dll
MOD - [2011/11/14 07:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011/11/14 07:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtCore4.dll
MOD - [2011/11/14 07:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll
MOD - [2011/11/14 07:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXml4.dll
MOD - [2011/11/13 03:32:20 | 000,103,424 | ---- | M] () -- C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/03/09 01:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/10 08:02:04 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/22 11:18:40 | 001,191,656 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/05/26 18:42:25 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/11/05 16:11:52 | 000,081,920 | R--- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2010/03/25 21:02:09 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/06/03 13:39:00 | 003,116,380 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/08 23:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/05 15:47:06 | 000,091,664 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/06 16:43:22 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2011/08/06 16:43:00 | 000,210,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\vididr.sys -- (vididr)
DRV:64bit: - [2011/08/06 16:42:58 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53)
DRV:64bit: - [2011/08/06 16:42:55 | 000,275,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
DRV:64bit: - [2011/06/05 14:05:37 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/06/05 14:05:37 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2010/11/25 10:43:26 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/26 22:25:22 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010/04/26 22:25:22 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV:64bit: - [2010/04/26 22:25:22 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2009/12/29 14:03:16 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/05 10:08:44 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/30 10:32:44 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/16 10:22:40 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/09/16 10:22:40 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/09/16 10:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/09/16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/08/25 16:10:52 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/07/06 21:29:22 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2009/07/06 21:29:22 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggflt.sys -- (ggflt)
DRV:64bit: - [2009/06/20 21:11:33 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/06/20 21:11:33 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/06/17 12:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 12:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/11 01:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009/01/16 00:37:44 | 000,587,136 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2009/01/16 00:37:44 | 000,054,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2008/12/04 12:34:54 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64)
DRV:64bit: - [2008/09/28 08:46:48 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2008/09/28 04:22:14 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/08/01 02:01:00 | 000,306,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA002Vid.sys -- (OA002Vid)
DRV:64bit: - [2008/06/03 18:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA002Ufd.sys -- (OA002Ufd)
DRV:64bit: - [2008/05/27 11:41:40 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008/05/27 11:41:40 | 000,137,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008/05/27 11:41:38 | 000,159,784 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008/05/27 11:41:38 | 000,138,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/05/27 11:41:38 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008/05/27 11:41:38 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008/05/27 11:41:32 | 000,116,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008/04/22 09:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/01/09 13:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri)
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/06/08 02:00:02 | 000,219,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\OA002Afx.sys -- (OA002Afx)
DRV:64bit: - [2007/03/08 16:19:00 | 000,012,800 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2006/03/01 10:24:04 | 000,365,568 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zd1211u.sys -- (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2005/01/04 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 EF 8A 10 F6 35 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGLL_enUS308
IE - HKCU\..\SearchScopes\{B1253587-1FAB-425C-BD9E-9B37ABCEE882}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/11/27 12:53:53 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/11/27 12:53:53 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\unger\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\unger\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\unger\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\unger\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\unger\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\unger\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/17 22:56:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\unger\AppData\Roaming\Move Networks [2009/05/12 23:56:43 | 000,000,000 | ---D | M]

[2010/12/11 17:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\unger\AppData\Roaming\Mozilla\Extensions
[2010/12/11 17:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\unger\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/11/23 11:06:16 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\unger\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Users\unger\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.23.0.5_0\npLogitechDeviceDetection.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\unger\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\unger\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RayV Plugin (Enabled) = C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\unger\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Logitech Device Detection = C:\Users\unger\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: Click to call with Skype = C:\Users\unger\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

O1 HOSTS File: ([2011/05/11 12:38:01 | 000,000,910 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.ad.tomshardware.com
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\unger\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: linkworkspace.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ncsoft.com ([secure] https in Trusted sites)
O16 - DPF: {00BC5049-C7F3-4AC9-92AE-1991C76608B0} http://tr.nopp.co.kr.../TRLauncher.cab (TRLauncher Control)
O16 - DPF: {06305358-99CE-4C47-B59C-939B76856C2B} http://download.micr...6B/pmupd806.exe (MSN Money Charting)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://www.linkwork...AWEB/icaweb.cab (Citrix ICA Client)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A83ACB-D43B-4DB5-BE1B-D7C7403E1A38}: NameServer = 167.206.251.130,167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5DAEBB5-0AAA-467B-8359-4DF4E818B562}: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E334192D-F19A-4BE5-ABB9-69BCCEF6D212}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/24 14:24:54 | 000,000,082 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\##Daedalus#f\Shell\AutoRun\command - "" = Z:\AutoRun.exe
O33 - MountPoints2\{47aef90a-df47-11dd-83f6-00219b1bd00e}\Shell - "" = AutoRun
O33 - MountPoints2\{47aef90a-df47-11dd-83f6-00219b1bd00e}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{49ab6086-6904-11e0-af5c-0024e8204516}\Shell - "" = AutoRun
O33 - MountPoints2\{49ab6086-6904-11e0-af5c-0024e8204516}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{8480a382-353f-11de-907e-00219b1bd00e}\Shell - "" = AutoRun
O33 - MountPoints2\{8480a382-353f-11de-907e-00219b1bd00e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\KitSetup.exe
O33 - MountPoints2\{a78794a4-f71a-11de-8f5e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a78794a4-f71a-11de-8f5e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\tcauto.exe -- [2011/10/03 12:57:59 | 008,397,464 | R--- | M] (HR Block )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/26 15:31:34 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\unger\Desktop\OTL.exe
[2012/05/25 02:47:56 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Roaming\Malwarebytes
[2012/05/25 02:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/25 02:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/25 02:47:46 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/25 02:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/24 16:50:56 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{E55D09F8-4B3D-4AD8-8DC1-9FC4031451A9}
[2012/05/24 16:50:45 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{571B8634-AE3B-4900-B69F-C859DCBFF034}
[2012/05/24 16:45:45 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Roaming\DragonSaga
[2012/05/22 17:15:23 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{BEF09C46-41A0-4907-85E1-137C0C487A96}
[2012/05/22 17:15:12 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{FD479454-191C-4F30-9DBD-D4AF71DB582E}
[2012/05/19 13:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/19 13:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/05/19 13:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/05/14 18:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/14 18:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012/05/14 14:51:52 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{B558339D-D46E-4641-98F9-B382EEE44322}
[2012/05/14 14:51:41 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{E3B92600-F4DC-40BD-8E0A-12C61270680D}
[2012/05/11 16:19:53 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{A8130E9D-C604-4E74-9500-5F08AF628411}
[2012/05/11 16:19:40 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{67A3188D-11FD-4B0F-82E3-D90F4D23BFD8}
[2012/05/08 18:51:55 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{EA769B95-EA02-42E6-AE06-A15226018C31}
[2012/05/08 18:51:44 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{35D38F2A-7767-46A7-B44E-6ED5F2B49063}
[2012/05/05 03:18:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/04 15:00:36 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{5966983A-D354-464B-A136-C8C30EC94F2B}
[2012/05/04 15:00:23 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{FCF2B985-6369-40F8-864D-9D1C527626F3}
[2012/05/03 18:19:20 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{93192BB7-DEDC-42F4-90B7-77AC40131BED}
[2012/05/03 18:19:09 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{7F513ABC-D1FC-4CEA-8B82-F8C4845EA87B}
[2012/05/02 15:17:48 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{4317DDFC-DC03-487A-A701-01A2D7E8DFB9}
[2012/05/02 15:17:37 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{3A6177FC-392E-403B-AC0C-FC20A5E2C5DE}
[2012/05/01 17:09:19 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{A5B67E1C-C74C-4986-92A2-9B7416073265}
[2012/05/01 17:09:07 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{F6A8675E-F00C-4594-9551-C150EFC1AC33}
[2012/04/30 14:49:38 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{AFD0B5B2-0F81-4973-9F94-BB9371DEA44F}
[2012/04/30 14:49:28 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{3735D1CB-9522-4FCB-ACB7-7724B48788D7}
[2012/04/27 14:47:32 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{6D62C496-3263-4F9C-98F7-3DA98D4088FC}
[2012/04/26 18:43:08 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/04/26 18:27:35 | 002,266,624 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\pdfmona64.dll
[2012/04/26 18:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\pdf995
[2012/04/26 18:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software995
[2012/04/26 18:27:34 | 000,000,000 | ---D | C] -- C:\pdf995
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/26 15:31:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\unger\Desktop\OTL.exe
[2012/05/26 15:12:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/26 15:03:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4160082703-535099499-3804111918-1000UA.job
[2012/05/26 15:03:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4160082703-535099499-3804111918-1000Core.job
[2012/05/26 14:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/26 14:30:30 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/26 14:30:30 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/26 13:10:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4160082703-535099499-3804111918-1000UA.job
[2012/05/26 03:06:46 | 000,787,202 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/26 03:06:46 | 000,651,038 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/26 03:06:46 | 000,123,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/26 00:12:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/25 16:10:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4160082703-535099499-3804111918-1000Core.job
[2012/05/25 02:47:50 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/24 10:30:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/24 10:30:21 | 2138,234,879 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/23 22:15:50 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/19 13:34:37 | 000,001,718 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/14 19:06:40 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/10 03:52:08 | 000,307,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/10 03:11:04 | 003,136,866 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/05/08 19:02:11 | 000,245,996 | ---- | M] () -- C:\Users\unger\Documents\Odin MMR Immun.pdf
[2012/05/08 18:47:57 | 000,151,537 | ---- | M] () -- C:\Users\unger\Documents\30992793StaffordLoan.pdf
[2012/05/08 18:31:53 | 000,024,743 | ---- | M] () -- C:\Users\unger\Documents\studentloans.gov - viewAllCounseling.pdf
[2012/05/05 19:50:09 | 000,002,032 | ---- | M] () -- C:\Users\unger\AppData\Local\d3d9caps.dat
[2012/05/05 03:19:25 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/05 03:18:52 | 000,786,918 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/29 12:48:34 | 000,001,452 | ---- | M] () -- C:\Users\unger\Desktop\Gw2.lnk
[2012/04/26 18:27:35 | 000,000,025 | ---- | M] () -- C:\Windows\wpd99.drv
[2012/04/26 18:27:34 | 000,040,448 | ---- | M] () -- C:\Windows\SysWow64\pdf995mon64.dll
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/25 02:47:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/19 13:34:37 | 000,001,718 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/14 18:36:33 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/10 08:02:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/08 19:02:11 | 000,245,996 | ---- | C] () -- C:\Users\unger\Documents\Odin MMR Immun.pdf
[2012/05/08 18:47:57 | 000,151,537 | ---- | C] () -- C:\Users\unger\Documents\30992793StaffordLoan.pdf
[2012/05/08 18:31:53 | 000,024,743 | ---- | C] () -- C:\Users\unger\Documents\studentloans.gov - viewAllCounseling.pdf
[2012/04/28 12:26:59 | 000,001,452 | ---- | C] () -- C:\Users\unger\Desktop\Gw2.lnk
[2012/04/26 19:01:25 | 000,000,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk.disabled
[2012/04/26 18:27:35 | 000,040,448 | ---- | C] () -- C:\Windows\SysNative\pdf995mon64.dll
[2012/04/26 18:27:35 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\pdf995mon64ui.dll
[2012/04/26 18:27:35 | 000,000,025 | ---- | C] () -- C:\Windows\wpd99.drv
[2012/04/26 18:27:34 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/12/24 04:27:16 | 000,000,732 | ---- | C] () -- C:\Users\unger\AppData\Local\d3d9caps64.dat
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/15 20:17:06 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/04/03 15:57:58 | 000,008,248 | ---- | C] () -- C:\Users\unger\AppData\Local\en.ini
[2011/02/11 16:37:10 | 000,024,109 | ---- | C] () -- C:\Users\unger\AppData\Roaming\UserTile.png
[2011/01/15 12:28:34 | 000,001,100 | ---- | C] () -- C:\Users\unger\AppData\Local\d3d8caps.dat
[2010/12/27 21:26:17 | 000,000,093 | ---- | C] () -- C:\Users\unger\AppData\Local\fusioncache.dat
[2010/07/27 22:54:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
[2010/07/27 22:54:30 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
[2010/07/27 22:54:30 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL
[2010/06/11 22:16:25 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/06/11 22:16:21 | 002,419,568 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/11 22:16:21 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== LOP Check ==========

[2009/09/22 20:49:59 | 000,000,000 | -HSD | M] -- C:\Users\unger\AppData\Roaming\.#
[2011/08/06 16:47:41 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Acronis
[2012/05/13 01:55:38 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Advanced Combat Tracker
[2009/12/20 20:29:09 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Aventail
[2012/04/02 13:29:49 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Azureus
[2009/06/30 23:38:02 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Bullzip
[2010/06/05 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Canon
[2009/01/10 14:52:53 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\DAEMON Tools
[2009/04/30 00:32:37 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\DAEMON Tools Lite
[2009/01/10 14:52:53 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\DAEMON Tools Pro
[2011/03/05 15:38:00 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\DarksporeData
[2012/05/24 16:45:45 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\DragonSaga
[2010/08/25 21:42:25 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\GARMIN
[2010/03/28 23:25:48 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\GetRightToGo
[2012/05/24 02:04:02 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\ICAClient
[2009/09/30 23:28:11 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Leadertech
[2011/04/17 21:19:24 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\motorola
[2011/05/05 22:31:59 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Mumble
[2011/11/12 14:33:21 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Origin
[2011/10/19 21:28:53 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\OverDrive
[2011/11/25 13:39:55 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\PDF Writer
[2011/02/11 16:37:10 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\PeerNetworking
[2010/09/10 20:18:03 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\RayV
[2012/04/15 01:01:06 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\RIFT
[2010/08/05 21:46:53 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Samsung
[2010/06/26 20:07:51 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\SPORE
[2012/05/19 04:26:57 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Spotify
[2009/09/01 23:15:12 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Stardock
[2011/01/16 13:20:10 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\TalesRunner
[2012/01/09 01:17:52 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\TaxCut
[2009/01/06 17:08:26 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Template
[2010/12/11 17:22:31 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\TomTom
[2010/12/27 21:27:54 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Turbine
[2012/05/25 16:10:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4160082703-535099499-3804111918-1000Core.job
[2012/05/26 13:10:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4160082703-535099499-3804111918-1000UA.job
[2012/05/24 07:31:34 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

My computer's Extras.Txt:
OTL Extras logfile created on: 5/26/2012 3:32:09 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\unger\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 49.47% Memory free
12.09 Gb Paging File | 8.25 Gb Available in Paging File | 68.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.11 Gb Total Space | 43.46 Gb Free Space | 7.48% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.41 Gb Free Space | 56.05% Space Free | Partition Type: NTFS
Drive E: | 159.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 10.71 Gb Total Space | 10.27 Gb Free Space | 95.86% Space Free | Partition Type: FAT32

Computer Name: MOJO | User Name: unger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = F4 0B 7D 3F E9 E7 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D43A97-721D-4EDD-82AD-8C31192AFA1E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{01775E0B-2DCD-463C-A30A-2731B1875B43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0BA32B23-B262-47FC-83EA-8D1CC8B21B60}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16373CF1-5F54-42BF-A44D-0DC8C24D0E07}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1B39638C-43F5-40CC-9E7D-BC8979459FA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1FC31E27-C263-4D30-B2E1-4CCCAF2875AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25C71A15-32D0-42D4-98AC-84474EC77CA1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BB6A6A2-111E-4CC5-8024-5A270E47D3C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2D3CCFDC-0A3E-404B-8F2B-DF33DE909513}" = lport=3390 | protocol=6 | dir=in | app=system |
"{40975802-6D3B-4744-888A-A47F331BA9E6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50BF99F6-C412-4651-AE4A-325EE845AE71}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{547B1FA3-286F-43EC-ADF5-4ECAD9A5A6F1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F262D4C-F1B2-4E82-9999-6266570BE475}" = lport=10244 | protocol=6 | dir=in | app=system |
"{62C4709B-9000-45CA-80E1-AC027FBD3645}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64F4C535-1F1A-42DD-B316-2D9A08CC517E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6659B060-D941-4853-966A-14F99F5B5527}" = rport=138 | protocol=17 | dir=out | app=system |
"{6D22AE46-EE69-4936-91AB-DB82AC78033D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F8CD8AD-4A8D-4996-B013-444B780832CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B61AF39-C1F8-473F-BA8C-326162FAE645}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7C009FC8-1DBC-4B39-B2E6-E912DF7982AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D4B7872-C5C2-48C1-8430-713B95FFAE0D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7DE9F854-1DB4-4AAC-A98E-DFDA74D218EA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7E69F14D-F9D7-4E43-8C33-60F3F219D871}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{86C2A77F-182C-43C5-AD8B-250E93834CA3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{894852DA-14DD-4638-9C30-678A552B8F42}" = rport=139 | protocol=6 | dir=out | app=system |
"{89519CAD-9E85-4D85-992E-F0B0BD8852ED}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8A285338-4187-4AB3-B3D8-CCB062CDB8A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8ED89C4A-0B1C-47D8-A1C7-9DCE12B5BA88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B48DCEC-CF44-4109-BEF8-6DDBD672E715}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9EC54BC1-FE9E-4C03-A9C3-572B895518F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6EF868D-85A1-4179-B25F-CA76C5F28D50}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A7E125DB-F32C-4709-9E1C-9FBBB3CDCB17}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ABA40751-E399-4FB2-9937-09DD72BA4729}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{AE0FEEC5-9181-4B27-B0D7-A630AE7F2EB9}" = lport=445 | protocol=6 | dir=in | app=system |
"{AF42EEDA-249E-4FCA-9A49-6B71F344C9EB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B692C7BC-6EE3-421B-BF27-254F4188BEEF}" = lport=3390 | protocol=6 | dir=in | app=system |
"{BB1DDF8E-6892-4921-8011-E12ADB6CD598}" = lport=138 | protocol=17 | dir=in | app=system |
"{BCC0A007-69DC-48E8-ABC2-43A3F3C9B712}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C3F68A1E-1A48-4DC1-8A15-D1722EB247E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5B41F93-FD33-43E5-B39C-82C01E862277}" = rport=10244 | protocol=6 | dir=out | app=system |
"{C5C21F56-4EB4-4E16-82B1-FC621A379481}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C6D42DE6-32F9-4400-886F-4A1A5CA1B971}" = lport=10244 | protocol=6 | dir=in | app=system |
"{CA235389-817C-45E0-8F2A-AEE4CAC36BF6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D7482332-D32D-4679-BA5E-2F088791C732}" = lport=137 | protocol=17 | dir=in | app=system |
"{D86FC96A-C1CE-41E4-85CE-E0655701400D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDB70667-6C2D-4293-8D27-862B6F5E5742}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E1855B60-360D-4767-9EFA-3CD2B210F9E3}" = rport=445 | protocol=6 | dir=out | app=system |
"{EB335C83-BD16-48AA-94F7-159F1792539B}" = lport=139 | protocol=6 | dir=in | app=system |
"{EBD5DF5F-12F6-4D4A-96E5-EE3E965D15E5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{ECFEBBE2-D2EE-4B92-ABBF-198AF8686D52}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EDD82B53-E445-4754-8960-890C944FD15C}" = rport=137 | protocol=17 | dir=out | app=system |
"{F8FB2A74-B6C0-49CD-AAC2-54C7C86710D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F972EAF6-A252-4558-B863-A56D7018C8C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04541C12-B3E2-4420-8E63-0D200B10AD6F}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{12522D66-6F3D-4BA2-84A9-EDE8D54B3C8E}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{147E0CE1-D068-4AA8-8408-1F7E5DD2E1B5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1847EE7E-F248-435F-A4DE-01D84833DDAE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{188F9D66-D1F3-46DE-BB4A-01B20651AC0F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{19605383-8E26-480F-8025-72D03673C111}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{1A48760F-CCE8-4263-85F4-7988208E559A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1B733A1F-CAE2-4EB8-99CB-288BA3AE8BC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1CE72F83-A202-4925-B6F1-F703085E0E7A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{1CF6BBF2-1C23-4835-9777-4E1D9BA57C4C}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{22A527A8-05CF-454C-9C3A-BCEA4F3F8905}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{296D646A-B7F9-48F9-A4E7-CF46241CA813}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B02E9FF-A64C-4142-9B8C-845A63B58C43}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{3122CF1E-9CF5-4380-84C8-9017D2BD6E10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3285ACAC-9724-4032-BDF0-780FE02381F5}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{32E19848-89DD-46E7-8FEF-C04D8CF7D4F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{34E7C8EF-7C4B-4917-A5A0-F04A5B26CC76}" = dir=in | app=c:\users\unger\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{34F9D4C5-D286-4FA7-82CA-AFED5534B317}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3A72918B-0937-4C91-AF1E-6D4BE5900459}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3AC1050C-9445-41A0-A8DB-D41A47B21C4F}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{3F3338B4-66AB-4B78-9989-11790FE3F8E6}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{3FF04B18-44DA-48DD-868C-3A0B2459CE7D}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{4A4FDCA4-C3F3-4241-82D8-95C9AA688E3D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{4BA738A3-3B89-4D66-8F54-F8434501D8CB}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{4CD1F038-93C6-4EDE-BB91-46B7BED382D9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4DCF3865-0F7A-45F1-959E-6953C573B63B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4EC6576C-1F4F-4A72-80BA-CA2467798F6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{548CB57D-48CB-4653-BDE4-F34039BB4B55}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{550B6E18-2812-453E-A2E2-B743623635C1}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{57793002-9022-42AF-ADC7-07BE4D90DD00}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5C2F1F86-FDA7-41D8-AE38-041A702EDAC5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{5CCA6E77-3BBC-4227-B549-898A099B89D4}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{6358D3F8-90B2-47D2-B64B-98E493F19CBC}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{67188B2E-6BFB-41D3-BA1A-A45BB9E1E8ED}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6A39EB5E-FDBF-47F4-BF1A-0DB7EF6679EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EFFF460-3CFD-4D70-89CD-9BFB6E120672}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{726A55C3-5839-43F0-BE64-199D5B6D574C}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{72F5811C-413C-4E2B-B147-18B5DDB02DC8}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{745509B7-CBEF-4419-B6B1-BF29D973DC17}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{75A5307C-9B76-4047-A70C-BC88063AA3F8}" = protocol=17 | dir=in | app=c:\program files (x86)\bf3 alpha trial web plugins\sonar\sonarhost.exe |
"{7BB707EF-9BF4-4C6C-884D-3D5F0A047289}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |
"{7F869A4A-D294-4ACF-9604-1136FA67C994}" = protocol=6 | dir=in | app=c:\program files (x86)\bf3 alpha trial web plugins\sonar\sonarhost.exe |
"{81265820-523A-4808-832B-5BDFDE88343B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{853F5836-456D-4159-A9B6-87F73A6137AA}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{85ABEA5D-ED55-48FB-8C14-23309BF2A74C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{86C23D51-C6F2-4104-BDCC-DCD384B8EC6E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8DD49D6C-473B-4509-A099-1C0D2C008868}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{92586035-D7EC-42A1-B1F0-74D7B6F6C834}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{9485652A-59D5-432A-93E1-2A580F6EB316}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\demigod demo\bin\demigod.exe |
"{97B9A458-0D50-48F9-BDBA-779CC7A8B940}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9975311E-552A-4D99-A78D-D83D7EC34DDB}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{9E010EB2-39A7-40E5-8D91-C282E9B61E2A}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{9F9487A0-8A55-4177-8185-CF057E50C151}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{A210A113-5FEE-43AD-898D-ECB539694B4E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A39E7B60-A576-4B77-86FC-E3CEB381122F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF2E22E7-BE0E-4822-97A1-5179A6552EBF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{B0122119-F42B-48CD-B456-8872646B1354}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{B0627835-65E8-4932-B28A-B2E5A0D06260}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B22EBC10-1F0B-4942-9FA3-9EEEA84115D2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B673420E-D3D1-4823-94A8-F464ACDCCE38}" = protocol=58 | dir=in | [email protected],-28545 |
"{B706C4B8-AE4D-4FB9-B706-C0D56A8A4216}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{BCCA124E-5F8C-4FBB-B4C5-48C5EDBFA665}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BDE81048-93A7-465F-8E5A-5B5C0E2948DF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BE4A0A27-AF63-444A-90E6-B040181646B4}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{C34668E5-F797-4084-AEA7-AEE654F8D02D}" = protocol=1 | dir=out | [email protected],-28544 |
"{C4D01AE1-5FF2-4E42-95BD-E19FF668603E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C6D39506-9F93-4E1A-B0F1-66F16A007888}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CF267C23-2C41-4EAE-9795-3D340533AE5E}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{CFCFAC56-8A10-4177-A69E-25D71C7733AF}" = protocol=6 | dir=out | app=system |
"{D0EEAE62-AA82-439B-AD92-E3C72AF1B801}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{D3C6E302-57EF-47C0-A55E-D6AB84FF91BE}" = protocol=1 | dir=in | [email protected],-28543 |
"{D4EDEBF1-F245-4DF4-8103-273A8781E195}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{D5CE3E1A-165F-4F3D-94CC-EC761CFBF41B}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{DDCC38C8-960E-4B88-8F08-DB82C042E304}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E2610D50-8152-4745-9A74-734E97339D79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3823106-B592-4071-BFA4-C0FC0D829568}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |
"{E50B25AD-D96E-46A5-B479-538B26DF8F1B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{E9A8BCCC-DF5A-470C-92B2-A22AC1B12328}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FCAE548B-4C78-43CE-AF89-AB04F1797B45}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\demigod demo\bin\demigod.exe |
"{FE01C695-3A15-4E9D-90B8-BF8B8A37FDF7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{1D6E6FD3-B6AF-4504-9C65-262135F6C25E}C:\program files (x86)\motorola media link\mml.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola media link\mml.exe |
"TCP Query User{6FCDE30D-B01B-414E-A9CC-E26F2CB189CA}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{2CC72612-FF50-47B7-B636-5C749B55792F}C:\program files (x86)\motorola media link\mml.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola media link\mml.exe |
"UDP Query User{72178482-44E6-4503-9F71-4912B6967EFC}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{47F9B34A-9309-4696-B5C8-7816C0AA7E03}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{80AF4051-BBDC-3F38-BF0C-4D6EB0927781}" = Microsoft .NET Framework 4 Extended
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2A0CBEE-8949-474E-9D2B-539726D20531}" = Microsoft IntelliPoint 6.3
"{D40FCA0C-C08F-49F4-8D4D-0037ADC87156}" = Microsoft SQL Server System CLR Types (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DAD94A9F-F54B-4718-8BCB-0DACBD3C1CA1}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel® Network Connections 13.1.33.0
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EA0F68A4-CC52-D061-C239-CC54377E9B79}" = ccc-utility64
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1319
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.51
"Creative OA002" = Monitor Webcam Driver (1.01.02.0804)
"ffdshow_is1" = rev2546
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Ogg Codecs" = Ogg Codecs 0.81.15562
"PROSetDX" = Intel® Network Connections 13.1.33.0
"sp6" = Logitech SetPoint 6.32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C69CD1-89D7-41DD-9A9A-3F495BA7E087}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{025E60CE-C77E-4449-AF20-ABC597BC7FCA}" = Aion
"{06A82E70-97F4-3BA9-65DB-692632659387}" = Catalyst Control Center InstallProxy
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DF30031-F15F-FD36-D9F8-EBC23B901894}" = Catalyst Control Center Graphics Light
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A772F15-B3FE-381A-BD29-82A78096B720}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4418
"{1B7E8D22-F280-4A8F-84BF-39B0F37F6D5F}" = Microsoft SQL Server System CLR Types
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1EAF9B69-2078-4A98-BC6A-CA40F6A8ECCE}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{3921564E-11A7-27AC-8D6F-D5FCA33DD083}" = Skins
"{3A09F880-BB02-490C-B2E7-7C09DD505B53}" = Microsoft SQL Server 2008 R2 Management Objects
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish
"{3E9016D4-5AD8-3A77-5A75-8C89C68992CD}" = Catalyst Control Center Graphics Previews Vista
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3EFD7413-B39A-4F86-A12D-7648C3E357F7}" = TaxCut Connecticut 2008
"{4221094E-82B8-43C4-94F4-A6760FC1842A}" = H&R Block Premium + Efile + State 2011
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530942-9B89-4186-98B7-F51000000100}" = Project S
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{529A52D1-5521-436B-83AB-1322780DCDAD}" = H&R Block Premium + Efile + State 2010
"{54D44AD1-A083-48B9-BD6F-AFD517B7C775}" = Aventail Webifiers
"{56F59702-1BB9-4C1B-BB8A-FB5F84A90378}" = H&R Block New York 2009
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A80C75C-EB3A-4275-A6C4-2E20349DBF4C}" = H&R Block New York 2010
"{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{732B5CC4-72BB-4D98-8F91-FA7FE6B920D6}" = H&R Block Connecticut 2011
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90AACECD-1E42-4D22-ABAD-7FB9B67B262D}" = H&R Block Premium + Efile + State 2009
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
"{9B683A28-2172-4CF1-B85D-41375E80652A}" = Acronis True Image WD Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0284E02-8114-4D23-B7C7-C2C4FAD2C355}" = Dragon Saga
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A6F13F58-5E31-42A5-8657-F8CCFDA00D61}" = H&R Block Connecticut 2010
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B88A3C98-CB4D-E3C2-DE49-EDAF1DC55CC1}" = CCC Help English
"{B9C73F69-63B7-552D-72D8-3C22B6B1A3E7}" = Catalyst Control Center Graphics Full New
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{CFC1C90B-E9A4-F656-BCA2-2A71ECCBD8F5}" = Catalyst Control Center Graphics Full Existing
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D54640A3-2C2B-4CB1-9666-01E55F54E7F5}" = NCsoft Launcher
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E01A8BFE-96AB-FEA3-4A3B-EEF9849D1E24}" = Catalyst Control Center Graphics Previews Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E85F1E5F-B2C3-427C-A7C8-E0F8430CBA68}" = Gateway
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
"{F241EC95-C81A-466E-8006-6B0B364B07A0}" = PCMark Vantage
"{F30C2BC8-BB58-413F-B928-4F100AD1BE2B}" = H&R Block Connecticut 2009
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F569596C-049F-BF15-E0A9-B7605D9B181E}" = Catalyst Control Center Core Implementation
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Combat Tracker" = Advanced Combat Tracker (remove only)
"APB Reloaded" = APB Reloaded
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Burger Shop 2 1.00" = Burger Shop 2 1.00
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCH Small Firm Services (xulRunner)" = CCH Small Firm Services (xulRunner)
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"CurseClient" = Curse Client
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dell Dock" = Dell Dock
"Diablo III" = Diablo III
"Download Manager" = Download Manager 2.3.8
"DragonNest" = DragonNest
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESN Sonar" = ESN Sonar
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"GamersFirst LIVE!" = GamersFirst LIVE!
"GFWL_{4D530942-9B89-4186-98B7-F51000000100}" = Project S
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"H&R Block Business 2009" = H&R Block Business 2009 (Remove Only)
"H&R Block Business 2010" = H&R Block Business 2010 (Remove Only)
"H&R Block Business 2011" = H&R Block Business 2011 (Remove Only)
"HaaliMkx" = Haali Media Splitter
"Impulse" = Impulse
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"MoneyToolbox" = MSN Money Investment Toolbox
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"MyTomTom" = MyTomTom 3.1.0.530
"Ogg Codecs" = Ogg Codecs 0.81.15562
"Origin" = Origin
"Pdf995" = Pdf995
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"Quick Search Box" = Google Quick Search Box
"RayV" = DTVblizzcon
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.90
"Spotify" = Spotify
"Spyware Doctor" = Spyware Doctor 8.0
"StarCraft II" = StarCraft II
"TaxCut Business 2008" = TaxCut Business 2008 (Remove Only)
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Vindictus" = Vindictus
"VobSub" = VobSub v2.23 (Remove Only)
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"webmmf" = WebM Media Foundation Components
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"Zuma's Revenge!1.0" = Zuma's Revenge!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"Move Media Player" = Move Media Player
"NCsoft-GuildWars" = Guild Wars
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#2
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#3
emarkunger

    New Member

  • Topic Starter
  • Member
  • 5 posts
I am a little confused by your response. I have already done what you asked me to do. The text files you mentioned are in my original email so I gather your reply is a canned response. I have already done everything you asked for so I hope you can help me out.

#4
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
I know there's already an OTL report in your first post. However, I'd like a fresh one to work with, so please run a new Quick Scan with OTL and post the resulting log file in your next reply.

#5
emarkunger

    New Member

  • Topic Starter
  • Member
  • 5 posts
For whatever reason, the application only opened an OTL.Txt file and no Extras.Txt file.

Here is the OTL.Txt file:
OTL logfile created on: 6/3/2012 5:30:32 PM - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Naruemon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.21% Memory free
2.82 Gb Paging File | 1.52 Gb Available in Paging File | 53.76% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.08 Gb Total Space | 6.56 Gb Free Space | 4.49% Space Free | Partition Type: NTFS

Computer Name: MOM | User Name: Naruemon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/26 15:30:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Naruemon\Desktop\OTL.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/04/09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/04/09 11:49:18 | 001,104,488 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\INCAInternet\nProtect GameGuard Personal 3.0\nspmain.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/03 16:32:20 | 001,252,808 | ---- | M] (INCA Internet Co.,Ltd.) -- C:\WINDOWS\SYSTEM32\INCAInternet\nProtect GameGuard Personal 3.0\nspupsvc.exe
PRC - [2012/04/03 16:32:10 | 001,302,248 | ---- | M] (INCA Internet Co.,Ltd.) -- C:\Program Files\INCAInternet\nProtect GameGuard Personal 3.0\nspupdt.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/01/14 23:18:22 | 000,581,248 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\SYSTEM32\INCAInternet\nProtect GameGuard Personal 3.0\nspsvc.exe
PRC - [2011/10/19 22:50:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/10/19 22:50:28 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/08/13 16:53:42 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/06 11:08:10 | 000,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/06/13 18:01:06 | 000,061,440 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/02 17:04:18 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/06/02 17:04:17 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/29 18:31:01 | 003,417,376 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_80c2ffa.dll
MOD - [2012/05/09 03:22:36 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 03:19:06 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 03:18:42 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\SYSTEM32\quartz.dll
MOD - [2011/10/19 23:00:16 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\SYSTEM32\devenum.dll
MOD - [2002/07/04 10:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/29 18:31:01 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/03 16:32:20 | 001,252,808 | ---- | M] (INCA Internet Co.,Ltd.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INCAInternet\nProtect GameGuard Personal 3.0\nspupsvc.exe -- (NSPUpdateService)
SRV - [2012/03/31 16:32:10 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/14 23:18:22 | 000,581,248 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\INCAInternet\nProtect GameGuard Personal 3.0\nspsvc.exe -- (NSPService)
SRV - [2011/10/19 22:50:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/04 19:34:00 | 003,433,232 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\GameMon.des -- (npggsvc)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva387.sys -- (XDva387)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva383.sys -- (XDva383)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva382.sys -- (XDva382)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva370.sys -- (XDva370)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva344.sys -- (XDva344)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva337.sys -- (XDva337)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva281.sys -- (XDva281)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva273.sys -- (XDva273)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva248.sys -- (XDva248)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva238.sys -- (XDva238)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\cdrom.sys -- (Cdrom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2012/06/03 02:26:59 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01754F83-D634-4D06-95B2-AF5783B57B3C}\MpKslb492241a.sys -- (MpKslb492241a)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2012/01/14 22:24:20 | 000,108,480 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\TKCtrl2k.sys -- (TKCtrl)
DRV - [2012/01/14 21:24:20 | 000,108,992 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\TKFW.sys -- (TKFW)
DRV - [2012/01/14 21:24:20 | 000,088,000 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\tkids.sys -- (TKIDS)
DRV - [2012/01/14 21:24:20 | 000,082,368 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\tkfwflt.sys -- (TKFWFLT)
DRV - [2011/10/23 19:04:48 | 000,497,632 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EagleXNt.sys -- (EagleXNt)
DRV - [2011/10/19 22:50:26 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/19 22:50:26 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/09/29 14:07:56 | 000,141,632 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\TKFsAv.sys -- (TKFsAvM)
DRV - [2011/09/29 14:07:56 | 000,028,480 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\TKPcFtHk.sys -- (TKPcFt)
DRV - [2011/06/15 12:20:32 | 000,108,736 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\npfw.sys -- (NPFW)
DRV - [2011/03/28 11:55:58 | 000,086,368 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\npids.sys -- (NPIDS)
DRV - [2011/03/28 11:55:58 | 000,082,496 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\npfwflt.sys -- (NPFWFLT)
DRV - [2011/03/28 11:55:58 | 000,018,496 | ---- | M] (INCA Internet Co., Ltd.) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\TKFsFt.sys -- (TkFsFtM)
DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctDS.sys -- (pctDS)
DRV - [2005/02/24 17:41:40 | 000,273,408 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZD1211U.sys -- (ZD1211U(Hawking Technologies)) Hawking Technologies HWU54D Hi-Gain Wireless-G USB Adapter(Hawking Technologies)
DRV - [2005/02/24 17:41:40 | 000,273,408 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZD1211U.sys -- (WLAN(WLAN)) 802.11b+g USB Wireless LAN Adapter Driver(WLAN)
DRV - [2005/01/04 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/01/14 12:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ZDPNDIS5.sys -- (ZDPNDIS5)
DRV - [2003/09/19 16:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2002/12/13 04:06:40 | 000,129,875 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.plusnetwo...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.plusnetwo...q={searchTerms}
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.plusnetwo...q={searchTerms}
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.plusnetwo...q={searchTerms}
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.plusnetwo...q={searchTerms}
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.plusnetwo...q={searchTerms}
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\..\SearchScopes\{76271242-43FE-48EB-B375-097D9C3FC55C}: "URL" = http://www.google.co...ie7&rlz=1I7GGLG
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/...039&form=ZGAIDF
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\..\SearchScopes\{C3E7C74A-A43F-4BC0-84E5-0ADFFA7DA9EB}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-nick
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\WINDOWS\proxy.pac

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.plusnetwo...ork.com/?sp=hp"
FF - prefs.js..browser.search.selectedEngine: "Messenger Plus Smartbar Search"
FF - prefs.js..keyword.URL: "http://www.plusnetwo...m/?sp=faddr&q="

FF - user.js..browser.startup.homepage: "http://search.condui...ctid=CT1940427"
FF - user.js..network.proxy.backup.ftp: ""
FF - user.js..network.proxy.backup.ftp_port: 0
FF - user.js..network.proxy.backup.gopher: ""
FF - user.js..network.proxy.backup.gopher_port: 0
FF - user.js..network.proxy.backup.socks: ""
FF - user.js..network.proxy.backup.socks_port: 0
FF - user.js..network.proxy.backup.ssl: ""
FF - user.js..network.proxy.backup.ssl_port: 0
FF - user.js..network.proxy.ftp: "127.0.0.1"
FF - user.js..network.proxy.ftp_port: 8080
FF - user.js..network.proxy.gopher: "127.0.0.1"
FF - user.js..network.proxy.gopher_port: 8080
FF - user.js..network.proxy.http: "127.0.0.1"
FF - user.js..network.proxy.http_port: 8080
FF - user.js..network.proxy.share_proxy_settings: true
FF - user.js..network.proxy.socks: "127.0.0.1"
FF - user.js..network.proxy.socks_port: 8080
FF - user.js..network.proxy.ssl: "127.0.0.1"
FF - user.js..network.proxy.ssl_port: 8080
FF - user.js..network.proxy.type: 2
FF - user.js..network.proxy.autoconfig_url: "file:///C:\WINDOWS\proxy.pac"

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/01 21:03:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008/12/03 21:27:56 | 000,000,000 | ---D | M]

[2009/06/25 02:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Extensions
[2009/06/25 02:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Extensions\[email protected]
[2012/06/02 16:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\extensions
[2012/05/26 15:40:10 | 000,000,000 | ---D | M] ("Messenger Plus! Community Smartbar") -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\extensions\[email protected]
[2012/05/26 15:40:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\extensions\staged
[2012/06/02 16:25:26 | 000,000,000 | ---D | M] (MediaFire Toolbar) -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\extensions\[email protected]
[2012/02/14 17:25:50 | 000,002,244 | ---- | M] () -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\searchplugins\Messenger Plus Smartbar Search.xml
[2011/12/30 19:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 03:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/04/17 14:36:51 | 000,433,788 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14934 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Dictionary.com) - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (MediaFire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (MediaFire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\..\Toolbar\ShellBrowser: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O3 - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\..\Toolbar\WebBrowser: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O3 - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\..\Toolbar\WebBrowser: (MediaFire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Media Connect 2] C:\Program Files\Windows Media Connect 2\WMCCFG.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Naruemon\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006..\Run: [Browser Infrastructure Helper] C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.exe (Smartbar)
O4 - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006..\Run: [GateWay] C:\Documents and Settings\Naruemon\GateWayMain.exe File not found
O4 - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKLM..\RunOnce: [MessengerPlusForSkypeUninstall] C:\Documents and Settings\Naruemon\Local Settings\Temp\MsgPlusUninstall.exe (Yuna Software)
O4 - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.6; SearchToolbar 1.2; (R1 1.5); .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 2.0.50727)" -"http://www.vixine.co...swap_game.html" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\802.11b+g USB Wireless LAN Utility.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hawking HWU54D Utility.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Search &Dictionary - C:\Program Files\Lexico\Toolbar\dictionary.htm ()
O8 - Extra context menu item: Search &Thesaurus - C:\Program Files\Lexico\Toolbar\thesaurus.htm ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Naruemon\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\..Trusted Domains: linkworkspace.com ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://www.linkwork...AWEB/icaweb.cab (Citrix ICA Client)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.micr...20/pmupd806.exe (MSN Money Charting)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1208126236109 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} http://www.parallelg...in/cortvrml.cab (ParallelGraphics Cortona Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.c...ch_USAv1004.cab (MGLaunch_v1004 Class)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} http://www.yoyogames...ctivex/YoYo.cab (YYGInstantPlay Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers...eminfo/MSC3.cab (Futuremark Measurement Services Client)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} http://dictionary.re...lbar/lexico.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D7BC391-8E7B-4233-B94F-3D49E9709F16}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53B82366-2926-40FA-AFC4-8BDD633EE722}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE928E25-F8F3-446E-9932-6FC1208E18E9}: NameServer = 167.206.251.16,167.206.251.80,167.206.251.15
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Naruemon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Naruemon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/02 16:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Naruemon\Application Data\AskToolbar
[2012/06/02 16:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/06/02 16:24:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\AskToolbar
[2012/06/02 16:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\MediaFire
[2012/06/01 21:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/05/26 15:30:34 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Naruemon\Desktop\OTL.exe
[2012/05/26 15:29:55 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2012/05/09 21:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Naruemon\My Documents\Oddworld
[2012/05/06 22:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Naruemon\My Documents\Drakensang
[2012/05/05 23:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Naruemon\My Documents\gothic3
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Naruemon\My Documents\*.tmp files -> C:\Documents and Settings\Naruemon\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/03 17:50:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/06/03 17:43:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/06/03 17:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/03 16:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/03 02:17:12 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/03 01:06:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/02 22:05:43 | 000,003,342 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\Queen’s Blade Gyokuza wo Tsugumono OVA - Watch Queen’s Blade Gyokuza wo Tsugumono OVA Stream.url
[2012/06/02 21:45:29 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/06/01 23:53:21 | 000,000,260 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Queen's Blade Utsukushiki Toushitachi Episode 2 Online - AnimeDreaming.url
[2012/06/01 23:52:45 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Queen's Blade OVA Episode 1 Online - AnimeDreaming.url
[2012/06/01 21:03:14 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/06/01 17:34:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/28 19:18:02 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2292039778-2617604353-2424026137-1006.job
[2012/05/28 18:06:21 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\Spybot S&D.lnk
[2012/05/28 00:07:15 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/27 19:56:38 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Bakemonogatari Episode 6 Online - AnimeDreaming.url
[2012/05/27 18:50:51 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GameFly.lnk
[2012/05/26 15:36:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/05/26 15:33:06 | 000,196,793 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/26 15:32:51 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2292039778-2617604353-2424026137-1006.job
[2012/05/26 15:32:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/05/26 15:31:02 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2012/05/26 15:30:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Naruemon\Desktop\OTL.exe
[2012/05/26 15:29:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2012/05/25 21:35:29 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Bakemonogatari Episode 3 Online - AnimeDreaming.url
[2012/05/19 00:53:24 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\- Artist - Softmode.url
[2012/05/18 17:47:57 | 000,000,516 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\4koma cat comic english hard translated katawa shoujo monochrome mouth hold nakai hisao pimmy tezuka rin translated Sankaku Channel.url
[2012/05/18 17:39:38 | 000,000,540 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\comic drill hair english katawa shoujo mikado shiina satou lilly Sankaku Channel.url
[2012/05/17 00:06:08 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Sora no Otoshimono Forte Episode 5 Online - AnimeDreaming.url
[2012/05/09 03:49:37 | 003,629,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 03:17:53 | 000,494,750 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/05/09 03:17:53 | 000,091,962 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/05/09 03:12:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Naruemon\My Documents\*.tmp files -> C:\Documents and Settings\Naruemon\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/02 16:25:23 | 000,000,240 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/06/01 23:53:21 | 000,000,260 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Queen's Blade Utsukushiki Toushitachi Episode 2 Online - AnimeDreaming.url
[2012/06/01 23:52:45 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Queen's Blade OVA Episode 1 Online - AnimeDreaming.url
[2012/06/01 23:52:21 | 000,003,342 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\Queen’s Blade Gyokuza wo Tsugumono OVA - Watch Queen’s Blade Gyokuza wo Tsugumono OVA Stream.url
[2012/06/01 21:03:14 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/28 18:06:21 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\Spybot S&D.lnk
[2012/05/27 19:56:38 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Bakemonogatari Episode 6 Online - AnimeDreaming.url
[2012/05/27 18:50:51 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\GameFly.lnk
[2012/05/27 18:50:50 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GameFly.lnk
[2012/05/26 15:31:03 | 000,001,799 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hawking HWU54D Utility.lnk.disabled
[2012/05/26 15:31:03 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\802.11b+g USB Wireless LAN Utility.lnk.disabled
[2012/05/26 15:31:03 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/05/26 15:31:03 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/05/26 15:31:03 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
[2012/05/26 15:31:02 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/05/25 21:35:29 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Bakemonogatari Episode 3 Online - AnimeDreaming.url
[2012/05/19 00:53:24 | 000,000,523 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\- Artist - Softmode.url
[2012/05/18 17:47:57 | 000,000,516 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\4koma cat comic english hard translated katawa shoujo monochrome mouth hold nakai hisao pimmy tezuka rin translated Sankaku Channel.url
[2012/05/18 17:39:38 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\comic drill hair english katawa shoujo mikado shiina satou lilly Sankaku Channel.url
[2012/05/17 00:06:08 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Sora no Otoshimono Forte Episode 5 Online - AnimeDreaming.url
[2012/04/04 23:23:42 | 000,000,534 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2012/02/15 04:19:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/19 02:21:35 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\sn3win.dll
[2011/09/13 20:04:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/25 18:46:49 | 000,141,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/05/25 18:46:49 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Naruemon\Application Data\PnkBstrK.sys
[2011/05/25 18:46:47 | 000,281,656 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/05/25 18:46:32 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/05/15 14:33:45 | 000,015,324 | -HS- | C] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/05/15 14:33:45 | 000,015,324 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/04/17 14:24:08 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/04/16 22:58:52 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\bgfs.sys
[2011/03/21 20:19:51 | 000,015,036 | -HS- | C] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
[2011/03/21 20:19:51 | 000,015,036 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
[2010/07/03 20:19:12 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat

========== LOP Check ==========

[2005/04/14 20:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2008/11/15 00:40:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/28 12:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dI06504CgHeD06504
[2010/05/30 10:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2008/03/16 19:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2008/03/13 19:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2012/02/14 17:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/08/23 19:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/04/25 19:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/07/16 18:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/02/08 18:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/05/24 13:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/11/28 19:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2005/12/24 12:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2008/03/14 20:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2007/12/04 22:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/06/03 17:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/03 22:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2010/08/12 15:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Windows Search
[2012/01/28 13:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\.minecraft
[2011/10/19 22:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\46A744AFDD6CDC4B6C37CAD56B339F2A
[2012/06/02 16:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\AskToolbar
[2012/01/31 13:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Asofys
[2011/01/08 20:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Audacity
[2009/07/06 18:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\BoneTown Demo
[2011/04/26 19:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\BugTrap Console Test108
[2012/02/15 21:46:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Naruemon\Application Data\C12C590F
[2011/11/28 18:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/03 20:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Dragona
[2008/03/16 19:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\FloodLightGames
[2008/07/12 00:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\FLV Extract
[2006/02/11 11:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\funkitron
[2008/03/19 21:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Gaijin Ent
[2012/04/03 21:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\GameFly
[2011/10/27 22:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\GetRightToGo
[2009/10/08 19:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\GSC 2.00
[2008/10/29 22:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\ICAClient
[2005/12/20 21:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Leadertech
[2006/02/12 17:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Magic Match
[2007/05/07 20:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Musicmatch
[2005/12/14 21:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Panasonic
[2008/07/16 18:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\PlayFirst
[2008/07/07 15:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Playrix Entertainment
[2011/04/12 15:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\PriceGong
[2012/05/18 17:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\RenPy
[2005/12/24 12:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\River Past G4
[2010/06/28 15:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\SPORE
[2008/09/06 22:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\SPORE Creature Creator
[2011/06/23 20:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Stu Bedore
[2012/02/05 03:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Syispe
[2005/11/28 18:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\The Labyrinth Plus! Edition
[2008/03/29 18:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Total Eclipse
[2005/11/26 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Wildfire
[2010/01/18 10:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Windows Desktop Search
[2010/01/18 10:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Windows Search
[2012/06/02 21:45:29 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2012/06/03 17:43:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
[2012/06/03 17:50:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/12/19 19:41:48 | 000,000,404 | ---- | M] ()(C:\Documents and Settings\Naruemon\Desktop\?????/Namine Ritsu] Bad Apple!!?UTAU???? - YouTube.url) -- C:\Documents and Settings\Naruemon\Desktop\【波音リツ/Namine Ritsu] Bad Apple!!【UTAUカバー】 - YouTube.url
[2011/11/23 14:50:02 | 000,000,404 | ---- | C] ()(C:\Documents and Settings\Naruemon\Desktop\?????/Namine Ritsu] Bad Apple!!?UTAU???? - YouTube.url) -- C:\Documents and Settings\Naruemon\Desktop\【波音リツ/Namine Ritsu] Bad Apple!!【UTAUカバー】 - YouTube.url
[2010/08/23 19:06:47 | 000,000,000 | ---D | M](C:\Documents and Settings\Naruemon\My Documents\?? ???) -- C:\Documents and Settings\Naruemon\My Documents\넥슨 플러그
[2010/08/23 19:06:47 | 000,000,000 | ---D | C](C:\Documents and Settings\Naruemon\My Documents\?? ???) -- C:\Documents and Settings\Naruemon\My Documents\넥슨 플러그
[2007/04/03 02:14:58 | 000,026,112 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\กราบนมัสการ ท่านพระอาจารย์มหากริชกาย.doc
[2007/04/03 02:14:58 | 000,026,112 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\กราบนมัสการ ท่านพระอาจารย์มหากริชกาย.doc
[2006/12/29 23:29:44 | 000,036,352 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????? ??.doc) -- C:\Documents and Settings\Naruemon\My Documents\กรรมฐาน ๔๐.doc
[2006/12/14 11:51:09 | 000,026,191 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\Re_ ????????.eml) -- C:\Documents and Settings\Naruemon\My Documents\Re_ ลูกสำรอง.eml
[2006/12/14 11:51:09 | 000,026,191 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\Re_ ????????.eml) -- C:\Documents and Settings\Naruemon\My Documents\Re_ ลูกสำรอง.eml
[2006/12/14 11:46:38 | 000,024,013 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????.eml) -- C:\Documents and Settings\Naruemon\My Documents\ลูกสำรอง.eml
[2006/12/14 11:41:54 | 000,024,013 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????.eml) -- C:\Documents and Settings\Naruemon\My Documents\ลูกสำรอง.eml
[2006/12/02 02:00:46 | 000,025,088 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ?????????????????????????????????????????????????????????????????????????????????????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อ่อมไก่บ้าน เครื่องปรุงเนื้อไก่ตับไก่มะระกอสับผักชีลาวใบมะกรูดพริกขี้หนูเม็ดใหญ่กระเทียมผงรสดีใบแมงลักวิธีทำผัดเครื่องแกง.doc
[2006/12/02 02:00:46 | 000,025,088 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ?????????????????????????????????????????????????????????????????????????????????????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อ่อมไก่บ้าน เครื่องปรุงเนื้อไก่ตับไก่มะระกอสับผักชีลาวใบมะกรูดพริกขี้หนูเม็ดใหญ่กระเทียมผงรสดีใบแมงลักวิธีทำผัดเครื่องแกง.doc
[2006/11/22 12:50:01 | 000,027,648 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ก๋วยเตี๋ยวราดหน้าหมูสับ.doc
[2006/11/22 12:36:09 | 000,027,648 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ก๋วยเตี๋ยวราดหน้าหมูสับ.doc
[2006/11/10 00:59:04 | 000,025,600 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\สามเณระปัญหะปาโฐ.doc
[2006/11/10 00:59:04 | 000,025,600 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\สามเณระปัญหะปาโฐ.doc
[2006/10/19 01:25:52 | 000,054,784 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????? ??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\พระคาถา พระอาการะวัตตาสูตร.doc
[2006/10/13 00:00:32 | 000,022,016 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????? ????????????????????????????? ?????????????????????????? .doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก คิดนึกรักมักนึกโกรธเห็นโทษไหม คิดนึกชังฝังอุราเป็นเช่นไร .doc
[2006/10/13 00:00:32 | 000,022,016 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????? ????????????????????????????? ?????????????????????????? .doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก คิดนึกรักมักนึกโกรธเห็นโทษไหม คิดนึกชังฝังอุราเป็นเช่นไร .doc
[2006/10/12 23:37:10 | 000,025,088 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????? ????????????????????????????? ?????????????????????????? ??.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก คิดนึกรักมักนึกโกรธเห็นโทษไหม คิดนึกชังฝังอุราเป็นเช่นไร คิ.doc
[2006/10/12 23:37:10 | 000,025,088 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????? ????????????????????????????? ?????????????????????????? ??.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก คิดนึกรักมักนึกโกรธเห็นโทษไหม คิดนึกชังฝังอุราเป็นเช่นไร คิ.doc
[2006/10/08 23:45:02 | 000,054,784 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????? ??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\พระคาถา พระอาการะวัตตาสูตร.doc
[2006/10/08 22:00:44 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????1.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จั1.doc
[2006/10/08 21:59:26 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????1.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จั1.doc
[2006/10/07 09:45:01 | 000,019,968 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก.doc
[2006/10/07 09:37:39 | 000,019,968 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก.doc
[2006/10/06 01:23:50 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ???????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดีมีให้ทำ นำชีวิต.doc
[2006/10/06 01:23:50 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ???????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดีมีให้ทำ นำชีวิต.doc
[2006/10/02 23:51:34 | 000,026,112 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????? ??????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดี มีให้ทำนำชีวิต.doc
[2006/10/01 02:35:10 | 000,027,136 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อะนัตตะลักขะนะสูตร.doc
[2006/10/01 02:35:10 | 000,027,136 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อะนัตตะลักขะนะสูตร.doc
[2006/09/28 17:44:27 | 000,025,088 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดีมีให้ทำนำชีวิต.doc
[2006/09/28 17:34:57 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\เมื่อเขาโกรธแล้วต่อว่าด่าเสียดสี.doc
[2006/09/28 17:34:57 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Naruemon\My Documents\~$??????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\~$ื่อเขาโกรธแล้วต่อว่าด่าเสียดสี.doc
[2006/09/28 17:34:57 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Naruemon\My Documents\~$??????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\~$ื่อเขาโกรธแล้วต่อว่าด่าเสียดสี.doc
[2006/09/28 17:34:56 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\เมื่อเขาโกรธแล้วต่อว่าด่าเสียดสี.doc
[2006/09/28 17:07:01 | 000,025,088 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดีมีให้ทำนำชีวิต.doc
[2006/09/27 17:51:55 | 000,026,112 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????? ??????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดี มีให้ทำนำชีวิต.doc
[2006/07/19 02:02:24 | 000,036,352 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????? ??.doc) -- C:\Documents and Settings\Naruemon\My Documents\กรรมฐาน ๔๐.doc
[2006/06/04 21:59:22 | 000,027,648 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ปัจจยวิภังควาโร.doc
[2006/06/04 21:59:21 | 000,027,648 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ปัจจยวิภังควาโร.doc
[2006/05/31 12:18:50 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะมังคะละคาถา.doc
[2006/05/31 12:06:10 | 000,037,888 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ?????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะมังคะละคาถา นโมเม.doc
[2006/05/31 12:06:09 | 000,037,888 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ?????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะมังคะละคาถา นโมเม.doc
[2006/05/31 09:33:36 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Naruemon\My Documents\~$??????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\~$ยยะมังคะละคาถา.doc
[2006/05/31 09:33:36 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Naruemon\My Documents\~$??????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\~$ยยะมังคะละคาถา.doc
[2006/05/30 15:27:09 | 000,027,648 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\?????????? ??????? ?? ???????? ?? ????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะทัมโม จะสังโฆ จะ ทะสะปาโร จะ ชัยยะกัง.doc
[2006/05/30 15:25:11 | 000,025,600 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ??????? ?????????? ?????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ปะทักขิณานิ กัตวานะ ละภันตัตเถ ปะทักขิเณ.doc
[2006/05/28 02:23:41 | 000,025,600 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ??????? ?????????? ?????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ปะทักขิณานิ กัตวานะ ละภันตัตเถ ปะทักขิเณ.doc
[2006/05/28 01:58:45 | 000,027,648 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\?????????? ??????? ?? ???????? ?? ????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะทัมโม จะสังโฆ จะ ทะสะปาโร จะ ชัยยะกัง.doc
[2006/05/28 00:17:08 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะมังคะละคาถา.doc
[2005/09/13 21:28:03 | 000,021,504 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????? ??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ไม่อยากได้อะไร เพราะไม่ใช่คนขี้ขอ.doc
[2005/09/13 21:28:02 | 000,021,504 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????? ??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ไม่อยากได้อะไร เพราะไม่ใช่คนขี้ขอ.doc
[2005/09/08 00:18:59 | 000,020,480 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ?? ?????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อานิสงค์ของเมตตา ๑๑ อย่าง.doc
[2005/09/08 00:18:59 | 000,020,480 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ?? ?????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อานิสงค์ของเมตตา ๑๑ อย่าง.doc
[2005/09/07 23:55:45 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????? ?????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ทำอย่างไร จะหายโกรธ.doc
[2005/09/07 23:55:45 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????? ?????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ทำอย่างไร จะหายโกรธ.doc

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB19013$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B12FF3F2
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F69BB936
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B520784
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA7FE636
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D4624A4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73C25840
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8985F330
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D63538E3
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D762B9DF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41EF5EA2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF5EAC0C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52562F72
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B4742F4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9371B810
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B5B501E5
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D37AE80B
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C321309
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E35A81F4
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADF211B1

< End of report >

#6
Gammo


    Member 2k

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2012/04/09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.plusnetwo...q={searchTerms}
    IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.plusnetwo...q={searchTerms}
    IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.plusnetwo...q={searchTerms}
    IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.plusnetwo...q={searchTerms}
    IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.plusnetwo...q={searchTerms}
    IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.plusnetwo...q={searchTerms}
    IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
    IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\WINDOWS\proxy.pac
    FF - prefs.js..browser.startup.homepage: "http://www.plusnetwork.com/?sp=hp"
    FF - prefs.js..browser.search.selectedEngine: "Messenger Plus Smartbar Search"
    FF - prefs.js..keyword.URL: "http://www.plusnetwork.com/?sp=faddr&q="
    FF - user.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1940427"
    FF - user.js..network.proxy.backup.ftp: ""
    FF - user.js..network.proxy.backup.ftp_port: 0
    FF - user.js..network.proxy.backup.gopher: ""
    FF - user.js..network.proxy.backup.gopher_port: 0
    FF - user.js..network.proxy.backup.socks: ""
    FF - user.js..network.proxy.backup.socks_port: 0
    FF - user.js..network.proxy.backup.ssl: ""
    FF - user.js..network.proxy.backup.ssl_port: 0
    FF - user.js..network.proxy.ftp: "127.0.0.1"
    FF - user.js..network.proxy.ftp_port: 8080
    FF - user.js..network.proxy.gopher: "127.0.0.1"
    FF - user.js..network.proxy.gopher_port: 8080
    FF - user.js..network.proxy.http: "127.0.0.1"
    FF - user.js..network.proxy.http_port: 8080
    FF - user.js..network.proxy.share_proxy_settings: true
    FF - user.js..network.proxy.socks: "127.0.0.1"
    FF - user.js..network.proxy.socks_port: 8080
    FF - user.js..network.proxy.ssl: "127.0.0.1"
    FF - user.js..network.proxy.ssl_port: 8080
    FF - user.js..network.proxy.type: 2
    FF - user.js..network.proxy.autoconfig_url: "file:///C:\WINDOWS\proxy.pac"
    [2012/05/26 15:40:10 | 000,000,000 | ---D | M] ("Messenger Plus! Community Smartbar") -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\extensions\[email protected]
    [2012/06/02 16:25:26 | 000,000,000 | ---D | M] (MediaFire Toolbar) -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\extensions\[email protected]
    [2012/02/14 17:25:50 | 000,002,244 | ---- | M] () -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\searchplugins\Messenger Plus Smartbar Search.xml
    O2 - BHO: (MediaFire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (MediaFire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\..\Toolbar\WebBrowser: (MediaFire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006..\Run: [Browser Infrastructure Helper] C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.exe (Smartbar)
    O4 - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006..\Run: [GateWay] C:\Documents and Settings\Naruemon\GateWayMain.exe File not found
    O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
    O35 - HKCU\..exefile [open] -- "%1" %*
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Naruemon\My Documents\*.tmp files -> C:\Documents and Settings\Naruemon\My Documents\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
    [2011/05/15 14:33:45 | 000,015,324 | -HS- | C] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\0d0w4kk54c0b50x30s4tl5v
    [2011/05/15 14:33:45 | 000,015,324 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0d0w4kk54c0b50x30s4tl5v
    [2011/03/21 20:19:51 | 000,015,036 | -HS- | C] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
    [2011/03/21 20:19:51 | 000,015,036 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
    [2011/05/28 12:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dI06504CgHeD06504
    [2011/10/19 22:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\46A744AFDD6CDC4B6C37CAD56B339F2A
    [2012/02/15 21:46:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Naruemon\Application Data\C12C590F
    [2011/04/12 15:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\PriceGong
    [2012/03/03 20:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Dragona
    [2011/06/23 20:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Stu Bedore
    [2012/02/05 03:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Syispe
    [2012/01/31 13:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Asofys
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files\Ask.com
    C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
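
Among the entries the fix script in post #6 selects are Internet Explorer and Firefox proxy settings that reference 127.0.0.1 or a local proxy.pac file. As an added example (not part of the thread and not OTL's own code), the Python below picks such entries out of OTL-format lines; the regular expressions and the names `parse_setting` and `scan` are assumptions based only on the line shapes visible in the log above.

```python
import re

# Lines copied from the OTL fix script in post #6 (sample input for this example).
SAMPLE = r'''
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\S-1-5-21-2292039778-2617604353-2424026137-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\WINDOWS\proxy.pac
FF - prefs.js..browser.startup.homepage: "http://www.plusnetwork.com/?sp=hp"
FF - user.js..network.proxy.http: "127.0.0.1"
FF - user.js..network.proxy.http_port: 8080
FF - user.js..network.proxy.type: 2
FF - user.js..network.proxy.autoconfig_url: "file:///C:\WINDOWS\proxy.pac"
'''

# Assumed line shapes: IE - <key>: "<name>" = <value>   and   FF - <file>..<pref>: <value>
IE_RE = re.compile(r'^IE - (?P<key>.+?): "(?P<name>[^"]+)" = (?P<value>.*)$')
FF_RE = re.compile(r'^FF - (?P<file>[\w.]+?)\.\.(?P<name>[\w.]+): (?P<value>.*)$')
LOOPBACK = re.compile(r'\b(?:127(?:\.\d{1,3}){3}|localhost)\b', re.I)
PROXY_NAME = re.compile(r'proxy|autoconfig', re.I)

def parse_setting(line):
    """Return (browser, name, value) for an 'IE -' or 'FF -' setting line, else None."""
    for browser, rx in (('IE', IE_RE), ('FF', FF_RE)):
        m = rx.match(line.strip())
        if m:
            return browser, m['name'], m['value'].strip().strip('"')
    return None

def scan(log_text):
    """Flag proxy-related settings that name a loopback address or a local PAC file."""
    settings, findings = {}, []
    for line in log_text.splitlines():
        parsed = parse_setting(line)
        if parsed:
            settings[parsed[:2]] = parsed[2]
    for (browser, name), value in settings.items():
        if not PROXY_NAME.search(name):
            continue
        if value.lower().startswith('file:'):
            findings.append((browser, name, 'local PAC file', value))
        elif LOOPBACK.search(value):
            # Firefox stores the port in a sibling "<pref>_port" entry; join the two.
            # ProxyOverride is IE's bypass list, so a hit there is reported as-is.
            port = settings.get((browser, name + '_port'))
            findings.append((browser, name, 'loopback address',
                             f'{value}:{port}' if port else value))
    return findings

if __name__ == '__main__':
    for finding in scan(SAMPLE):
        print(finding)
```
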

#7
emarkunger


    New Member

  • Topic Starter
  • Member
  • 5 posts
Hi Gammo,
I was unable to use the fix feature of OTL.exe. The first time I tried it, it hung and the bottom said stopping processes. This went on for hours till I pushed the button to restart the computer.

The second time I tried it, it hung again but I can't tell you what it was doing or what the screen for OTL.exe said because it was completely white, it never repainted to see what was going on.

I tried shutting down all the anti-virus I could. MS Essentials doesn't seem to have a way to click on the icon and stop it but it said it was stopped when I started OTL.exe anyhow.

Any ideas?

#8
Gammo


    Member 2k

  • Malware Removal
  • 2,299 posts
Please skip the OTL fix and continue with the ComboFix instructions. :thumbsup:

#9
emarkunger


    New Member

  • Topic Starter
  • Member
  • 5 posts
Hello,
I ran ComboFix and it seems to have worked. It said my son's computer had RootKit.ZeroAccess. It rebooted several times before completing which is expected I'm sure. I have attached the log file.

Attached Files

  • Attached File  log.txt   28.06KB   124 downloads






