Ads In Browser



#1
HKim42

I get popup ads in Firefox sometimes, and clicking links on Google sometimes redirects me to ads. Sometimes when I am browsing the internet, no web pages load for several seconds, then load normally, but I have not noticed any latency problems in online games. Firefox also sometimes tries to update, but it doesn't work; it says something is preventing it from updating. Windows Firewall has been disabled, and if I try to re-enable it, it says "windows firewall can't change some of your settings error code 0x80070424". I've tried running Malwarebytes and GooredFix, but neither of these did anything. Any help would be appreciated. Thanks!

Here is OTL logfile:

OTL logfile created on: 6/11/2012 8:30:44 PM - Run 5
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Eric\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 45.24% Memory free
8.00 Gb Paging File | 4.90 Gb Available in Paging File | 61.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 327.22 Gb Free Space | 35.13% Space Free | Partition Type: NTFS
Drive F: | 3.75 Gb Total Space | 3.39 Gb Free Space | 90.46% Space Free | Partition Type: FAT32
Drive G: | 931.51 Gb Total Space | 134.04 Gb Free Space | 14.39% Space Free | Partition Type: NTFS

Computer Name: ERIC-PC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/11 20:30:15 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Downloads\OTL.scr
PRC - [2012/06/10 13:24:45 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
PRC - [2012/06/01 11:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/19 03:36:24 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/04/04 01:53:54 | 001,496,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/22 21:20:13 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/20 23:21:05 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jdk1.7.0\jre\bin\java.exe
PRC - [2011/09/14 05:11:28 | 002,006,528 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe
PRC - [2011/08/02 03:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/07/15 19:03:30 | 000,581,120 | ---- | M] () -- C:\Program Files\BlueJ\bluej.exe
PRC - [2010/10/05 12:32:58 | 001,811,800 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2009/12/21 11:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2009/12/15 14:17:08 | 003,278,728 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
PRC - [2009/08/13 20:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009/07/13 21:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/10 13:24:45 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012/06/01 11:39:51 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/26 19:10:42 | 000,295,936 | ---- | M] () -- C:\Users\Eric\AppData\Local\Temp\cehtf.dll
MOD - [2012/05/19 03:36:24 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/05/19 03:36:23 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/05/19 03:36:23 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/05/19 03:36:23 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/05/19 03:36:23 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/04/04 01:53:52 | 000,249,232 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2011/12/03 00:12:40 | 000,098,304 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\foobar2000\user-components\foo_input_alac\foo_input_alac.dll
MOD - [2011/10/15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/20 13:21:14 | 001,457,664 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
MOD - [2011/09/14 05:11:28 | 002,006,528 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe
MOD - [2011/09/14 05:10:12 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
MOD - [2011/09/14 05:09:52 | 000,365,056 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
MOD - [2011/09/14 05:09:46 | 001,130,496 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
MOD - [2011/09/14 05:09:40 | 000,299,008 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
MOD - [2011/09/14 05:09:32 | 000,480,256 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_converter.dll
MOD - [2011/09/14 05:09:32 | 000,283,136 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
MOD - [2011/09/14 05:09:06 | 000,171,008 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_unpack.dll
MOD - [2011/09/14 05:08:24 | 000,275,456 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_fileops.dll
MOD - [2011/09/14 05:08:22 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll
MOD - [2011/09/14 05:07:44 | 000,148,480 | ---- | M] () -- C:\Program Files (x86)\foobar2000\shared.dll
MOD - [2011/07/15 19:03:30 | 000,581,120 | ---- | M] () -- C:\Program Files\BlueJ\bluej.exe
MOD - [2010/04/21 08:48:00 | 000,066,560 | ---- | M] () -- C:\Program Files (x86)\foobar2000\zlib1.dll
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2007/07/19 15:50:12 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/17 03:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/13 21:41:21 | 000,084,480 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/01 11:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/19 03:36:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/12 09:28:48 | 000,057,976 | R--- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2011/11/01 00:15:36 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/06/16 23:10:08 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011/05/10 09:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/29 14:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010/09/29 14:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010/07/14 13:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/14 18:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:23:37 | 000,327,168 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2009/07/13 19:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2005/03/29 04:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/11/14 05:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 DE ED AF 3C 2F CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/07 15:06:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/14 20:02:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3CE0F853-9B2F-11E1-826E-B8AC6F996F26}: C:\Users\Eric\AppData\Local\{3CE0F853-9B2F-11E1-826E-B8AC6F996F26}\ [2012/05/11 02:05:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F9416C60-A787-11E1-8270-B8AC6F996F26}: C:\Users\Eric\AppData\Local\{3CE0F853-9B2F-11E1-826E-B8AC6F996F26}\ [2012/05/11 02:05:12 | 000,000,000 | ---D | M]

[2012/02/06 21:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2012/05/21 03:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wa5svetl.default\extensions
[2012/06/07 15:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/11 02:05:12 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\ERIC\APPDATA\LOCAL\{3CE0F853-9B2F-11E1-826E-B8AC6F996F26}
[2012/05/21 03:30:31 | 000,524,264 | ---- | M] () (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WA5SVETL.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/04/23 02:43:09 | 000,077,626 | ---- | M] () (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WA5SVETL.DEFAULT\EXTENSIONS\[email protected]
[2012/06/01 11:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/12 17:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 17:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 17:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 17:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/09/20 23:22:13 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 19:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011/12/09 13:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/10/12 17:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/06/01 11:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 11:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/07 15:38:01 | 000,000,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [\\IOMEGA-0A4E29\Printer1] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICJA.EXE /FU "C:\Windows\TEMP\E_S7637.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [cehtf] C:\Users\Eric\AppData\Local\Temp\cehtf.dll ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83CA3A17-9CC8-402C-8A9D-DC90054C809C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/11 14:30:04 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5FD9B8C6-36FD-493C-9E98-D99BB78E59B2}
[2012/06/11 14:29:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F96426ED-BF56-4ECA-AAB7-BAC7BEA3FBE6}
[2012/06/11 02:29:27 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D0BA3D0B-3DD6-44B7-85C3-6DEDED2C6D40}
[2012/06/11 02:29:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{704B973B-242E-4342-870E-BEC6C7407E87}
[2012/06/10 14:29:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5E1B8F7A-363A-4C33-87E4-C1F32A7489E2}
[2012/06/10 14:28:50 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C5996DAF-6C9A-48BF-843F-66B154879D03}
[2012/06/10 13:25:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Macromedia
[2012/06/10 02:28:23 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{85C0CC2E-F6E6-4544-8A48-AD853007683C}
[2012/06/10 02:28:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{6179B1C1-0087-4C45-B782-1576D20CD56F}
[2012/06/09 14:27:58 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AE6359EC-685E-4F5B-8CB6-C8B63F3F59C9}
[2012/06/09 14:27:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{13092FFF-BEA6-4DDA-8273-347FE77D9079}
[2012/06/09 02:27:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B8229D78-8426-449A-A4D3-FEBAA3625656}
[2012/06/09 02:27:09 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{87845579-475E-4AA2-9C00-58EAF285DE0E}
[2012/06/08 14:26:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E87B8A95-D838-4735-ADFA-81F52231696A}
[2012/06/08 14:26:45 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{411C21B8-3F6E-4A9A-BADB-DBDF138B6371}
[2012/06/08 02:26:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3D134B4D-587C-4CCF-8E14-CEE40E287B26}
[2012/06/08 02:26:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4A28CA09-B072-485B-995A-2CA2826F294D}
[2012/06/07 15:17:54 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/07 14:25:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{85E2331B-CE1B-4895-873E-B683FA48A9A5}
[2012/06/07 14:25:26 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{9AD3E5B3-91FE-40CD-8E28-BB7B463FB0AB}
[2012/06/07 02:25:00 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{09F40F87-D5FC-488B-AFA1-8B23E7162D72}
[2012/06/07 02:24:49 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A919D19E-67CD-4B47-B260-24CDF6E60C31}
[2012/06/06 14:24:23 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5827305A-40AA-43A6-B4FE-D4638409A755}
[2012/06/06 14:24:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DAB66442-FEE4-480B-888E-9BB518AFAF0A}
[2012/06/06 02:23:44 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5DDC4E63-8057-44AF-AE8E-BFE1C67E7DBB}
[2012/06/06 02:23:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C93E81CB-D272-48D8-9F0D-DF52FDE09F91}
[2012/06/05 23:58:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\New folder
[2012/06/05 14:23:06 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{62A7ED40-5012-4351-9894-5694FC26F832}
[2012/06/05 14:22:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{539D4615-48AB-4786-BF33-E715380CD3DB}
[2012/06/05 02:22:28 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{848546B9-F4F1-414D-BB92-93716F43ACC0}
[2012/06/05 02:22:16 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CDA8DF88-4804-457D-9FEB-83A2131768DA}
[2012/06/04 14:21:50 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0C369753-E3A3-491A-BA4E-D5215E1AC31B}
[2012/06/04 14:21:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F70394B0-4975-4D0D-ACE0-3F0B8391CB43}
[2012/06/04 02:21:12 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B7581378-DCCA-486E-A7F8-7712F61CB539}
[2012/06/04 02:21:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{22B29B15-9DCA-4DC8-9297-604188944C4F}
[2012/06/03 15:08:44 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\ISUGUI
[2012/06/03 14:20:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{124063D9-EA1A-4093-9240-B25566419985}
[2012/06/03 14:20:36 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4AFB7035-30DB-460E-A3BB-6A913B057855}
[2012/06/03 02:20:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1B588D20-9577-4065-B16E-2D3D9CF91ED6}
[2012/06/03 02:19:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{94E239B9-8E33-45ED-89EA-B72F9D87E541}
[2012/06/02 14:19:45 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4B0B53D9-EF2D-40B5-9ED0-8CFF3568DEE5}
[2012/06/02 14:19:34 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{452F196E-53B7-4283-9E54-A418F6D8FD66}
[2012/06/02 02:19:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0F165025-BA63-4F0A-BD3B-C28D165BB6E5}
[2012/06/02 02:18:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7C5E0AD0-3388-4D9C-89CE-6D1C33769667}
[2012/06/01 14:18:27 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CF173F53-5353-470F-82DC-9C7FB6848BCE}
[2012/06/01 14:18:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3B854175-76A8-4C3F-9ED7-8460AE465483}
[2012/05/31 21:30:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1B8FF632-9AAA-4E81-84BF-771BCB6B5072}
[2012/05/31 21:29:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2D489DB5-E953-4220-8178-EB9095A9D738}
[2012/05/31 20:50:15 | 000,057,976 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/05/31 09:29:27 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2CE13985-C32D-41DA-9BB7-C3D6B928CE14}
[2012/05/31 09:29:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{82BED44A-BCD2-4CB9-A14A-AD60D05E23A7}
[2012/05/31 00:49:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\GooredFix Backups
[2012/05/30 23:32:14 | 000,000,000 | ---D | C] -- C:\Users\Eric\.netbeans-derby
[2012/05/30 23:31:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\.netbeans-registration
[2012/05/30 23:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetBeans 6.7.1
[2012/05/30 17:11:58 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D4C772FB-8086-46F9-9214-B77F89251BA3}
[2012/05/30 17:11:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1D15F7BE-8A01-41A9-9943-0003970E86BB}
[2012/05/30 02:51:42 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{149CFB29-1115-4385-B7BE-F319A2A77B12}
[2012/05/30 02:51:31 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D34EFD1B-C513-4338-B990-0221A665E4BA}
[2012/05/29 14:51:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{61B696AB-3E2E-49E5-9CA7-6899A0367E02}
[2012/05/29 14:50:54 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{79BCEA69-B185-48AC-ADF9-1A48F9100F9B}
[2012/05/29 02:50:28 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{82EBD94A-F883-46BD-9808-026E38D66357}
[2012/05/29 02:50:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C813F4CE-9EB4-4346-AA42-7E359A0D9562}
[2012/05/28 14:49:51 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{9B80F022-6679-4C5F-86BA-17A651369C47}
[2012/05/28 14:49:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{FC158D60-8298-4E85-99F7-4D2E5EDA8CCC}
[2012/05/28 02:49:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{48560570-ACD4-4FF9-B647-4648DCE8BC71}
[2012/05/28 02:49:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{054C3C15-D3BD-4387-92B6-6DBDD0F4D354}
[2012/05/27 14:48:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{31F2C2B8-F468-47C5-BF9E-4ACB082DB5DC}
[2012/05/27 14:48:34 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{8291EBCD-6630-4059-B18F-D76C926A491F}
[2012/05/27 02:23:04 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{6EB2A689-6DE9-441A-8C85-EE9144246333}
[2012/05/27 02:22:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7B604A2C-212D-4DC6-B2BF-723480BFBD68}
[2012/05/26 19:22:36 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/05/26 14:22:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F2E8654A-0125-4312-B8B1-00903E829ED7}
[2012/05/26 14:22:28 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D931AF20-1880-4C11-9FC2-F936ACF8063F}
[2012/05/26 02:22:02 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{998BD516-F7F9-44DC-B3E5-D94710FC2477}
[2012/05/26 02:21:51 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1176178B-0598-450B-8858-A55914D208B7}
[2012/05/25 14:21:25 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E1D8CAEE-5C9E-4C8B-AA92-FC7533501A77}
[2012/05/25 14:21:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{507FD9B5-9FFE-4D34-AFE3-59076091A150}
[2012/05/25 02:20:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{510FFA7C-746A-4CB1-A529-1C3867DD68D9}
[2012/05/25 02:20:36 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{795EE233-BC1B-4395-921E-3C1509E58430}
[2012/05/24 14:20:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{12185D68-7EFF-44F0-AB60-A221CA359E28}
[2012/05/24 14:19:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E7B2D883-6EC7-49D8-8F87-766B3211A20D}
[2012/05/24 02:19:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{EC170754-FAD9-42D4-8677-FAEF47A46D6F}
[2012/05/24 02:19:22 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1E0809AF-24FA-48F4-83C7-B032BED07101}
[2012/05/23 14:18:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{894705B0-AA0C-4C26-B28F-A36B5B350264}
[2012/05/23 14:18:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A4A73560-ABDB-4957-968B-3A925EEA8447}
[2012/05/23 01:17:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{32B89F66-DC01-4E22-9DD2-6F984AAAE14D}
[2012/05/23 01:17:44 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{610F05EC-CD5F-44BF-A9FD-DF4A9FAC005A}
[2012/05/22 13:17:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{46D0145E-0378-4DAB-BFAC-C5AA5F6FA545}
[2012/05/22 13:17:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{EED6D0CD-6CA0-4721-8DF1-3CDFEDF856EE}
[2012/05/22 01:16:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D5BFF797-EA7D-4419-BA54-0CEC055369B7}
[2012/05/22 01:16:26 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E7DE3A45-12C4-4578-BC0A-8CB43483BC7C}
[2012/05/21 13:16:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D630597D-85F6-46B7-B5F0-EEE79908C863}
[2012/05/21 13:16:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E6D4C62D-E766-44BB-9927-2123FEDD323B}
[2012/05/21 01:15:35 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E6D6535A-BD78-41FE-8CE6-3E9FCE311792}
[2012/05/21 01:15:24 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0AA539A7-4428-4322-9517-B0C13549F2C8}
[2012/05/20 13:15:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E5E4903E-6ADE-4441-B6A7-7477320D24A0}
[2012/05/20 13:14:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B74958A1-8E17-4308-A3E9-BCDCA74C70C3}
[2012/05/20 01:04:54 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E03D2CB7-7272-4CFC-A7A9-510CA460A3DE}
[2012/05/20 01:04:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C63BBC55-9B1B-443D-860B-0E19EB10F986}
[2012/05/19 21:05:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/19 17:53:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/19 15:41:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo
[2012/05/19 15:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo
[2012/05/19 14:11:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Apple
[2012/05/19 13:04:30 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{6842E9B2-9BB0-425A-94CB-F3C01E8E8F50}
[2012/05/19 13:04:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4437B009-32CB-4F86-B04C-B2FDE7E46CBF}
[2012/05/18 16:03:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7E2E96B7-0149-4F02-9D4B-534A77DD2084}
[2012/05/18 16:03:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{29ECDF17-8C2C-482F-9F93-F3C97E17F353}
[2012/05/18 03:46:57 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{46633320-F046-4D56-B032-D384459B062B}
[2012/05/18 03:46:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F2805A81-50B0-4098-AE71-4B5BD0ACE3DC}
[2012/05/17 15:46:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{64A59AB9-B724-4BBA-907B-212D9C583B6E}
[2012/05/17 15:46:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3D81434F-99AD-4C53-89C8-6367B2FA5F7F}
[2012/05/16 16:09:12 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F0CA34BA-5DAF-4DC6-AD05-DF262AF71DC0}
[2012/05/16 16:09:00 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A183D381-CAE0-487A-ADF9-E591A206C527}
[2012/05/15 21:03:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B6B27365-674A-48D1-8C79-42BD94144708}
[2012/05/15 21:03:19 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{069D7165-4301-4BF4-AB7C-5F59E007DDA6}
[2012/05/15 08:22:04 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E9B44AD6-749F-4D8D-A294-AC9284C88747}
[2012/05/15 08:21:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{80FEB801-59CE-4FD0-BB91-DDD685F78F73}
[2012/05/14 16:08:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7D37C91A-161B-4C5C-92B8-8A6636E2D368}
[2012/05/14 16:08:36 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F5A3665C-861B-43BB-A664-CDE718A60D18}
[2012/05/14 04:08:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{252C78E0-2764-4E44-BB01-601AB9A321C0}
[2012/05/14 04:07:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0F8E4C91-77A2-4B45-B9BE-D6263E0121AC}
[2012/05/13 16:07:45 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4B7FEF82-EC7F-42AB-A285-E98EF5649B95}
[2012/05/13 16:07:34 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{BE923538-4DAA-422B-8999-7FEB03C75E95}
[2012/05/13 02:27:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{89E56D19-2D7C-4D47-9C01-7F471B611652}
[2012/05/13 02:27:26 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A305C823-112B-4A52-8DD2-255DDDEBB881}

========== Files - Modified Within 30 Days ==========

[2012/06/11 20:10:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477742905-201720883-3428496350-1001UA.job
[2012/06/11 18:42:40 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/11 18:42:40 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/11 18:42:40 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/11 17:21:34 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/11 17:21:34 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/11 16:18:05 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477742905-201720883-3428496350-1001Core.job
[2012/06/11 11:08:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/11 11:08:13 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/07 15:38:01 | 000,000,798 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/07 15:34:53 | 000,000,448 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/06/07 15:06:35 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/04 20:21:58 | 000,003,240 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile3.dat
[2012/06/04 20:21:58 | 000,001,772 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile4.dat
[2012/06/04 20:21:58 | 000,001,770 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile0.dat
[2012/06/04 20:21:58 | 000,001,768 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile1.dat
[2012/06/04 20:21:58 | 000,001,766 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile2.dat
[2012/06/03 15:08:30 | 000,032,918 | ---- | M] () -- C:\Users\Eric\Desktop\ISUGUI.rar
[2012/05/30 23:31:17 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\NetBeans IDE 6.7.1.lnk
[2012/05/26 19:29:10 | 000,013,970 | ---- | M] () -- C:\Users\Eric\Desktop\VideoStore.rar
[2012/05/22 20:30:10 | 000,279,824 | ---- | M] () -- C:\Users\Eric\Documents\paradoxoftoilpdf.pdf
[2012/05/21 00:57:17 | 000,066,936 | -HS- | M] () -- C:\Windows\dlinfo_0.drv
[2012/05/19 15:41:10 | 000,086,528 | ---- | M] () -- C:\Windows\bnetunin.exe
[2012/05/19 15:41:10 | 000,061,440 | ---- | M] () -- C:\Windows\diabunin.exe
[2012/05/18 01:42:39 | 000,000,967 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/18 01:42:39 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/05/15 22:40:13 | 000,007,603 | ---- | M] () -- C:\Users\Eric\AppData\Local\resmon.resmoncfg

========== Files Created - No Company Name ==========

[2012/06/03 15:08:29 | 000,032,918 | ---- | C] () -- C:\Users\Eric\Desktop\ISUGUI.rar
[2012/05/30 23:31:17 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 6.7.1.lnk
[2012/05/26 19:29:12 | 000,013,970 | ---- | C] () -- C:\Users\Eric\Desktop\VideoStore.rar
[2012/05/22 20:30:10 | 000,279,824 | ---- | C] () -- C:\Users\Eric\Documents\paradoxoftoilpdf.pdf
[2012/05/21 00:57:17 | 000,066,936 | -HS- | C] () -- C:\Windows\dlinfo_0.drv
[2012/05/19 15:41:10 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2012/05/19 15:41:10 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe
[2012/05/18 01:42:39 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/03/12 21:56:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/12 21:56:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/12 21:56:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/12 21:56:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/12 21:56:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/09 21:57:53 | 000,000,468 | ---- | C] () -- C:\Program Files (x86)\cod5key.reg
[2012/02/09 21:57:53 | 000,000,090 | ---- | C] () -- C:\Program Files (x86)\visit-forum.bat
[2012/02/07 01:19:01 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/07 01:19:01 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/07 02:49:51 | 000,126,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/02 04:21:54 | 000,005,632 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/09 06:26:10 | 000,000,448 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/30 06:16:37 | 000,007,603 | ---- | C] () -- C:\Users\Eric\AppData\Local\resmon.resmoncfg
[2011/08/11 02:00:29 | 000,001,772 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile4.dat
[2011/08/10 22:51:33 | 000,003,240 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile3.dat
[2011/08/10 22:51:33 | 000,001,770 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile0.dat
[2011/08/10 22:51:33 | 000,001,768 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile1.dat
[2011/08/10 22:51:33 | 000,001,766 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile2.dat
[2011/08/10 22:41:56 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

========== LOP Check ==========

[2011/11/01 00:16:52 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DAEMON Tools Lite
[2012/06/11 11:38:40 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\foobar2000
[2011/11/29 02:34:10 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ICAClient
[2011/10/11 01:04:45 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ImgBurn
[2011/08/12 04:18:03 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Leadertech
[2011/11/20 01:43:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LolClient
[2012/04/16 04:32:02 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\RenPy
[2011/08/11 02:06:18 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SharePod
[2012/01/25 00:35:13 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SystemRequirementsLab
[2012/06/11 05:06:20 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\uTorrent
[2012/02/08 01:45:46 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Youtube Downloader HD
[2012/05/02 20:31:14 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by HKim42, 11 June 2012 - 10:47 PM.


#2
Amlak

Hi, HKim42. Welcome to GTG. I'll help you out with your malware issue(s). Just keep in mind that some of my replies may be delayed due to the fact that I still need to have my fixes approved by an expert before they are posted here.

I'll be sure to post my set of instructions for you to follow soon.

#3
Amlak

Note: You have a backdoor infection.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:


How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

That said, I can still help you clean out the malware as best as I can without going that route, so if you decide that you don't want to do a format and reinstall of Windows, then please do the following:

Step 1

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

Step 2

Delete the current version of OTL.exe that you have on your system and download the latest version of OTL to your Desktop
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#4
HKim42

Thanks again for the help, and for the fast reply. I probably will reformat in a month or two, but in the meantime I would like to try to remove the virus while I finish a few projects and find something to do with my files. I have run aswMBR, but you did not say what to put in the custom scans/fixes box of OTL, so I just put the aswMBR log, although I am not sure this is what you want. Here are the logs.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-12 15:15:46
-----------------------------
15:15:46.054 OS Version: Windows x64 6.1.7600
15:15:46.054 Number of processors: 4 586 0xF0B
15:15:46.055 ComputerName: ERIC-PC UserName: Eric
15:15:49.224 Initialize success
15:17:28.785 AVAST engine defs: 12061200
15:19:56.676 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
15:19:56.679 Disk 0 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953869MB BusType: 3
15:19:56.692 Disk 0 MBR read successfully
15:19:56.694 Disk 0 MBR scan
15:19:56.698 Disk 0 Windows 7 default MBR code
15:19:56.702 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
15:19:56.716 Disk 0 scanning C:\Windows\system32\drivers
15:20:03.549 Service scanning
15:20:18.634 Modules scanning
15:20:18.643 Disk 0 trace - called modules:
15:20:18.665 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:20:18.670 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a40060]
15:20:18.674 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa8004499e40]
15:20:18.682 5 ACPI.sys[fffff88000ef8781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80047df060]
15:20:20.471 AVAST engine scan C:\Windows
15:20:23.804 AVAST engine scan C:\Windows\system32
15:20:59.380 File: C:\Windows\system32\msftesql.dll **INFECTED** Win64:ZAccess-E [Rtk]
15:21:47.135 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:21:48.944 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:22:57.159 AVAST engine scan C:\Windows\system32\drivers
15:23:06.491 AVAST engine scan C:\Users\Eric
15:33:08.016 File: C:\Users\Eric\AppData\Local\{378f9e5f-edf7-fe3a-963c-4d6fd8141575}\n **INFECTED** Win32:Sirefef-PL [Rtk]
15:41:49.998 AVAST engine scan C:\ProgramData
15:44:23.779 Scan finished successfully
15:48:38.386 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
15:48:38.391 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"


OTL logfile created on: 6/12/2012 5:19:51 PM - Run 6
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Eric\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 53.97% Memory free
8.00 Gb Paging File | 5.78 Gb Available in Paging File | 72.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 326.63 Gb Free Space | 35.06% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 134.04 Gb Free Space | 14.39% Space Free | Partition Type: NTFS

Computer Name: ERIC-PC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/12 15:13:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Downloads\OTL.exe
PRC - [2012/06/01 11:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/19 03:36:24 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/22 21:20:13 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/14 05:11:28 | 002,006,528 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe
PRC - [2011/08/02 03:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/10/05 12:32:58 | 001,811,800 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2009/12/21 11:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2009/12/15 14:17:08 | 003,278,728 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
PRC - [2009/08/13 20:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009/07/13 21:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/01 11:39:51 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/26 19:10:42 | 000,295,936 | ---- | M] () -- C:\Users\Eric\AppData\Local\Temp\cehtf.dll
MOD - [2012/05/19 03:36:24 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/05/19 03:36:23 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/05/19 03:36:23 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/05/19 03:36:23 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/05/19 03:36:23 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011/12/03 00:12:40 | 000,098,304 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\foobar2000\user-components\foo_input_alac\foo_input_alac.dll
MOD - [2011/10/15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/09/20 13:21:14 | 001,457,664 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
MOD - [2011/09/14 05:11:28 | 002,006,528 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe
MOD - [2011/09/14 05:10:12 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
MOD - [2011/09/14 05:09:52 | 000,365,056 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
MOD - [2011/09/14 05:09:46 | 001,130,496 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
MOD - [2011/09/14 05:09:40 | 000,299,008 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
MOD - [2011/09/14 05:09:32 | 000,480,256 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_converter.dll
MOD - [2011/09/14 05:09:32 | 000,283,136 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
MOD - [2011/09/14 05:09:06 | 000,171,008 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_unpack.dll
MOD - [2011/09/14 05:08:24 | 000,275,456 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_fileops.dll
MOD - [2011/09/14 05:08:22 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll
MOD - [2011/09/14 05:07:44 | 000,148,480 | ---- | M] () -- C:\Program Files (x86)\foobar2000\shared.dll
MOD - [2010/04/21 08:48:00 | 000,066,560 | ---- | M] () -- C:\Program Files (x86)\foobar2000\zlib1.dll
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2007/07/19 15:50:12 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/17 03:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/01 11:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/19 03:36:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/12 09:28:48 | 000,057,976 | R--- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2011/11/01 00:15:36 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/06/16 23:10:08 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011/05/10 09:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/29 14:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010/09/29 14:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010/07/14 13:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/14 18:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2005/03/29 04:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/11/14 05:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 DE ED AF 3C 2F CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/07 15:06:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/14 20:02:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3CE0F853-9B2F-11E1-826E-B8AC6F996F26}: C:\Users\Eric\AppData\Local\{3CE0F853-9B2F-11E1-826E-B8AC6F996F26}\ [2012/05/11 02:05:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F9416C60-A787-11E1-8270-B8AC6F996F26}: C:\Users\Eric\AppData\Local\{3CE0F853-9B2F-11E1-826E-B8AC6F996F26}\ [2012/05/11 02:05:12 | 000,000,000 | ---D | M]

[2012/02/06 21:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2012/05/21 03:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wa5svetl.default\extensions
[2012/06/07 15:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/11 02:05:12 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\ERIC\APPDATA\LOCAL\{3CE0F853-9B2F-11E1-826E-B8AC6F996F26}
[2012/05/21 03:30:31 | 000,524,264 | ---- | M] () (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WA5SVETL.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/04/23 02:43:09 | 000,077,626 | ---- | M] () (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WA5SVETL.DEFAULT\EXTENSIONS\[email protected]
[2012/06/01 11:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/12 17:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 17:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 17:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 17:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/09/20 23:22:13 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 19:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011/12/09 13:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/10/12 17:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/06/01 11:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 11:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/07 15:38:01 | 000,000,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [\\IOMEGA-0A4E29\Printer1] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICJA.EXE /FU "C:\Windows\TEMP\E_S7637.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [cehtf] C:\Users\Eric\AppData\Local\Temp\cehtf.dll ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83CA3A17-9CC8-402C-8A9D-DC90054C809C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/12 14:31:06 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{6B8C9543-BEC9-484D-B3EF-8304AAEAF27D}
[2012/06/12 14:30:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{6FD654FC-AEE8-4DFD-8500-FC07AB31745B}
[2012/06/12 02:30:28 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A21E0CCE-BEDF-4D46-92FF-9480A924CE54}
[2012/06/12 02:30:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B3C72098-35C0-4C36-B4C5-BF11C30AFC81}
[2012/06/11 14:30:04 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5FD9B8C6-36FD-493C-9E98-D99BB78E59B2}
[2012/06/11 14:29:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F96426ED-BF56-4ECA-AAB7-BAC7BEA3FBE6}
[2012/06/11 02:29:27 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D0BA3D0B-3DD6-44B7-85C3-6DEDED2C6D40}
[2012/06/11 02:29:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{704B973B-242E-4342-870E-BEC6C7407E87}
[2012/06/10 14:29:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5E1B8F7A-363A-4C33-87E4-C1F32A7489E2}
[2012/06/10 14:28:50 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C5996DAF-6C9A-48BF-843F-66B154879D03}
[2012/06/10 13:25:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Macromedia
[2012/06/10 02:28:23 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{85C0CC2E-F6E6-4544-8A48-AD853007683C}
[2012/06/10 02:28:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{6179B1C1-0087-4C45-B782-1576D20CD56F}
[2012/06/09 14:27:58 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AE6359EC-685E-4F5B-8CB6-C8B63F3F59C9}
[2012/06/09 14:27:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{13092FFF-BEA6-4DDA-8273-347FE77D9079}
[2012/06/09 02:27:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B8229D78-8426-449A-A4D3-FEBAA3625656}
[2012/06/09 02:27:09 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{87845579-475E-4AA2-9C00-58EAF285DE0E}
[2012/06/08 14:26:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E87B8A95-D838-4735-ADFA-81F52231696A}
[2012/06/08 14:26:45 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{411C21B8-3F6E-4A9A-BADB-DBDF138B6371}
[2012/06/08 02:26:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3D134B4D-587C-4CCF-8E14-CEE40E287B26}
[2012/06/08 02:26:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4A28CA09-B072-485B-995A-2CA2826F294D}
[2012/06/07 15:17:54 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/07 14:25:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{85E2331B-CE1B-4895-873E-B683FA48A9A5}
[2012/06/07 14:25:26 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{9AD3E5B3-91FE-40CD-8E28-BB7B463FB0AB}
[2012/06/07 02:25:00 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{09F40F87-D5FC-488B-AFA1-8B23E7162D72}
[2012/06/07 02:24:49 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A919D19E-67CD-4B47-B260-24CDF6E60C31}
[2012/06/06 14:24:23 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5827305A-40AA-43A6-B4FE-D4638409A755}
[2012/06/06 14:24:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DAB66442-FEE4-480B-888E-9BB518AFAF0A}
[2012/06/06 02:23:44 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5DDC4E63-8057-44AF-AE8E-BFE1C67E7DBB}
[2012/06/06 02:23:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C93E81CB-D272-48D8-9F0D-DF52FDE09F91}
[2012/06/05 23:58:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\New folder
[2012/06/05 14:23:06 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{62A7ED40-5012-4351-9894-5694FC26F832}
[2012/06/05 14:22:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{539D4615-48AB-4786-BF33-E715380CD3DB}
[2012/06/05 02:22:28 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{848546B9-F4F1-414D-BB92-93716F43ACC0}
[2012/06/05 02:22:16 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CDA8DF88-4804-457D-9FEB-83A2131768DA}
[2012/06/04 14:21:50 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0C369753-E3A3-491A-BA4E-D5215E1AC31B}
[2012/06/04 14:21:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F70394B0-4975-4D0D-ACE0-3F0B8391CB43}
[2012/06/04 02:21:12 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B7581378-DCCA-486E-A7F8-7712F61CB539}
[2012/06/04 02:21:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{22B29B15-9DCA-4DC8-9297-604188944C4F}
[2012/06/03 15:08:44 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\ISUGUI
[2012/06/03 14:20:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{124063D9-EA1A-4093-9240-B25566419985}
[2012/06/03 14:20:36 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4AFB7035-30DB-460E-A3BB-6A913B057855}
[2012/06/03 02:20:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1B588D20-9577-4065-B16E-2D3D9CF91ED6}
[2012/06/03 02:19:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{94E239B9-8E33-45ED-89EA-B72F9D87E541}
[2012/06/02 14:19:45 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4B0B53D9-EF2D-40B5-9ED0-8CFF3568DEE5}
[2012/06/02 14:19:34 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{452F196E-53B7-4283-9E54-A418F6D8FD66}
[2012/06/02 02:19:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0F165025-BA63-4F0A-BD3B-C28D165BB6E5}
[2012/06/02 02:18:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7C5E0AD0-3388-4D9C-89CE-6D1C33769667}
[2012/06/01 14:18:27 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CF173F53-5353-470F-82DC-9C7FB6848BCE}
[2012/06/01 14:18:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3B854175-76A8-4C3F-9ED7-8460AE465483}
[2012/05/31 21:30:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1B8FF632-9AAA-4E81-84BF-771BCB6B5072}
[2012/05/31 21:29:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2D489DB5-E953-4220-8178-EB9095A9D738}
[2012/05/31 20:50:15 | 000,057,976 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/05/31 09:29:27 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2CE13985-C32D-41DA-9BB7-C3D6B928CE14}
[2012/05/31 09:29:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{82BED44A-BCD2-4CB9-A14A-AD60D05E23A7}
[2012/05/31 00:49:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\GooredFix Backups
[2012/05/30 23:32:14 | 000,000,000 | ---D | C] -- C:\Users\Eric\.netbeans-derby
[2012/05/30 23:31:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\.netbeans-registration
[2012/05/30 23:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetBeans 6.7.1
[2012/05/30 17:11:58 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D4C772FB-8086-46F9-9214-B77F89251BA3}
[2012/05/30 17:11:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1D15F7BE-8A01-41A9-9943-0003970E86BB}
[2012/05/30 02:51:42 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{149CFB29-1115-4385-B7BE-F319A2A77B12}
[2012/05/30 02:51:31 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D34EFD1B-C513-4338-B990-0221A665E4BA}
[2012/05/29 14:51:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{61B696AB-3E2E-49E5-9CA7-6899A0367E02}
[2012/05/29 14:50:54 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{79BCEA69-B185-48AC-ADF9-1A48F9100F9B}
[2012/05/29 02:50:28 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{82EBD94A-F883-46BD-9808-026E38D66357}
[2012/05/29 02:50:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C813F4CE-9EB4-4346-AA42-7E359A0D9562}
[2012/05/28 14:49:51 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{9B80F022-6679-4C5F-86BA-17A651369C47}
[2012/05/28 14:49:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{FC158D60-8298-4E85-99F7-4D2E5EDA8CCC}
[2012/05/28 02:49:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{48560570-ACD4-4FF9-B647-4648DCE8BC71}
[2012/05/28 02:49:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{054C3C15-D3BD-4387-92B6-6DBDD0F4D354}
[2012/05/27 14:48:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{31F2C2B8-F468-47C5-BF9E-4ACB082DB5DC}
[2012/05/27 14:48:34 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{8291EBCD-6630-4059-B18F-D76C926A491F}
[2012/05/27 02:23:04 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{6EB2A689-6DE9-441A-8C85-EE9144246333}
[2012/05/27 02:22:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7B604A2C-212D-4DC6-B2BF-723480BFBD68}
[2012/05/26 19:22:36 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/05/26 14:22:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F2E8654A-0125-4312-B8B1-00903E829ED7}
[2012/05/26 14:22:28 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D931AF20-1880-4C11-9FC2-F936ACF8063F}
[2012/05/26 02:22:02 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{998BD516-F7F9-44DC-B3E5-D94710FC2477}
[2012/05/26 02:21:51 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1176178B-0598-450B-8858-A55914D208B7}
[2012/05/25 14:21:25 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E1D8CAEE-5C9E-4C8B-AA92-FC7533501A77}
[2012/05/25 14:21:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{507FD9B5-9FFE-4D34-AFE3-59076091A150}
[2012/05/25 02:20:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{510FFA7C-746A-4CB1-A529-1C3867DD68D9}
[2012/05/25 02:20:36 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{795EE233-BC1B-4395-921E-3C1509E58430}
[2012/05/24 14:20:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{12185D68-7EFF-44F0-AB60-A221CA359E28}
[2012/05/24 14:19:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E7B2D883-6EC7-49D8-8F87-766B3211A20D}
[2012/05/24 02:19:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{EC170754-FAD9-42D4-8677-FAEF47A46D6F}
[2012/05/24 02:19:22 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1E0809AF-24FA-48F4-83C7-B032BED07101}
[2012/05/23 14:18:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{894705B0-AA0C-4C26-B28F-A36B5B350264}
[2012/05/23 14:18:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A4A73560-ABDB-4957-968B-3A925EEA8447}
[2012/05/23 01:17:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{32B89F66-DC01-4E22-9DD2-6F984AAAE14D}
[2012/05/23 01:17:44 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{610F05EC-CD5F-44BF-A9FD-DF4A9FAC005A}
[2012/05/22 13:17:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{46D0145E-0378-4DAB-BFAC-C5AA5F6FA545}
[2012/05/22 13:17:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{EED6D0CD-6CA0-4721-8DF1-3CDFEDF856EE}
[2012/05/22 01:16:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D5BFF797-EA7D-4419-BA54-0CEC055369B7}
[2012/05/22 01:16:26 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E7DE3A45-12C4-4578-BC0A-8CB43483BC7C}
[2012/05/21 13:16:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D630597D-85F6-46B7-B5F0-EEE79908C863}
[2012/05/21 13:16:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E6D4C62D-E766-44BB-9927-2123FEDD323B}
[2012/05/21 01:15:35 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E6D6535A-BD78-41FE-8CE6-3E9FCE311792}
[2012/05/21 01:15:24 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0AA539A7-4428-4322-9517-B0C13549F2C8}
[2012/05/20 13:15:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E5E4903E-6ADE-4441-B6A7-7477320D24A0}
[2012/05/20 13:14:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B74958A1-8E17-4308-A3E9-BCDCA74C70C3}
[2012/05/20 01:04:54 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E03D2CB7-7272-4CFC-A7A9-510CA460A3DE}
[2012/05/20 01:04:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C63BBC55-9B1B-443D-860B-0E19EB10F986}
[2012/05/19 21:05:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/19 17:53:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/19 15:41:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo
[2012/05/19 15:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo
[2012/05/19 14:11:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Apple
[2012/05/19 13:04:30 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{6842E9B2-9BB0-425A-94CB-F3C01E8E8F50}
[2012/05/19 13:04:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4437B009-32CB-4F86-B04C-B2FDE7E46CBF}
[2012/05/18 16:03:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7E2E96B7-0149-4F02-9D4B-534A77DD2084}
[2012/05/18 16:03:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{29ECDF17-8C2C-482F-9F93-F3C97E17F353}
[2012/05/18 03:46:57 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{46633320-F046-4D56-B032-D384459B062B}
[2012/05/18 03:46:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F2805A81-50B0-4098-AE71-4B5BD0ACE3DC}
[2012/05/17 15:46:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{64A59AB9-B724-4BBA-907B-212D9C583B6E}
[2012/05/17 15:46:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3D81434F-99AD-4C53-89C8-6367B2FA5F7F}
[2012/05/16 16:09:12 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F0CA34BA-5DAF-4DC6-AD05-DF262AF71DC0}
[2012/05/16 16:09:00 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A183D381-CAE0-487A-ADF9-E591A206C527}
[2012/05/15 21:03:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B6B27365-674A-48D1-8C79-42BD94144708}
[2012/05/15 21:03:19 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{069D7165-4301-4BF4-AB7C-5F59E007DDA6}
[2012/05/15 08:22:04 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E9B44AD6-749F-4D8D-A294-AC9284C88747}
[2012/05/15 08:21:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{80FEB801-59CE-4FD0-BB91-DDD685F78F73}
[2012/05/14 16:08:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7D37C91A-161B-4C5C-92B8-8A6636E2D368}
[2012/05/14 16:08:36 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F5A3665C-861B-43BB-A664-CDE718A60D18}
[2012/05/14 04:08:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{252C78E0-2764-4E44-BB01-601AB9A321C0}
[2012/05/14 04:07:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0F8E4C91-77A2-4B45-B9BE-D6263E0121AC}

========== Files - Modified Within 30 Days ==========

[2012/06/12 17:10:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477742905-201720883-3428496350-1001UA.job
[2012/06/12 16:10:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477742905-201720883-3428496350-1001Core.job
[2012/06/12 16:02:36 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 16:02:36 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 15:55:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/12 15:55:18 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/12 15:54:36 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2012/06/12 15:48:38 | 000,000,512 | ---- | M] () -- C:\Users\Eric\Desktop\MBR.dat
[2012/06/11 18:42:40 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/11 18:42:40 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/11 18:42:40 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/07 15:38:01 | 000,000,798 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/07 15:34:53 | 000,000,448 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/06/07 15:06:35 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/04 20:21:58 | 000,003,240 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile3.dat
[2012/06/04 20:21:58 | 000,001,772 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile4.dat
[2012/06/04 20:21:58 | 000,001,770 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile0.dat
[2012/06/04 20:21:58 | 000,001,768 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile1.dat
[2012/06/04 20:21:58 | 000,001,766 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile2.dat
[2012/06/03 15:08:30 | 000,032,918 | ---- | M] () -- C:\Users\Eric\Desktop\ISUGUI.rar
[2012/05/30 23:31:17 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\NetBeans IDE 6.7.1.lnk
[2012/05/26 19:29:10 | 000,013,970 | ---- | M] () -- C:\Users\Eric\Desktop\VideoStore.rar
[2012/05/22 20:30:10 | 000,279,824 | ---- | M] () -- C:\Users\Eric\Documents\paradoxoftoilpdf.pdf
[2012/05/21 00:57:17 | 000,066,936 | -HS- | M] () -- C:\Windows\dlinfo_0.drv
[2012/05/19 15:41:10 | 000,086,528 | ---- | M] () -- C:\Windows\bnetunin.exe
[2012/05/19 15:41:10 | 000,061,440 | ---- | M] () -- C:\Windows\diabunin.exe
[2012/05/18 01:42:39 | 000,000,967 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/18 01:42:39 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/05/15 22:40:13 | 000,007,603 | ---- | M] () -- C:\Users\Eric\AppData\Local\resmon.resmoncfg

========== Files Created - No Company Name ==========

[2012/06/12 15:54:36 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2012/06/12 15:48:38 | 000,000,512 | ---- | C] () -- C:\Users\Eric\Desktop\MBR.dat
[2012/06/07 15:35:16 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{378f9e5f-edf7-fe3a-963c-4d6fd8141575}\U\00000008.@
[2012/06/03 15:08:29 | 000,032,918 | ---- | C] () -- C:\Users\Eric\Desktop\ISUGUI.rar
[2012/05/30 23:31:17 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 6.7.1.lnk
[2012/05/26 19:29:12 | 000,013,970 | ---- | C] () -- C:\Users\Eric\Desktop\VideoStore.rar
[2012/05/26 19:12:06 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{378f9e5f-edf7-fe3a-963c-4d6fd8141575}\U\80000032.@
[2012/05/26 19:12:06 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{378f9e5f-edf7-fe3a-963c-4d6fd8141575}\U\80000000.@
[2012/05/26 19:11:40 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{378f9e5f-edf7-fe3a-963c-4d6fd8141575}\U\80000064.@
[2012/05/26 19:11:40 | 000,000,773 | ---- | C] () -- C:\Windows\Installer\{378f9e5f-edf7-fe3a-963c-4d6fd8141575}\L\00000004.@
[2012/05/26 19:11:39 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{378f9e5f-edf7-fe3a-963c-4d6fd8141575}\U\00000004.@
[2012/05/26 19:11:39 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{378f9e5f-edf7-fe3a-963c-4d6fd8141575}\U\000000cb.@
[2012/05/22 20:30:10 | 000,279,824 | ---- | C] () -- C:\Users\Eric\Documents\paradoxoftoilpdf.pdf
[2012/05/21 00:57:17 | 000,066,936 | -HS- | C] () -- C:\Windows\dlinfo_0.drv
[2012/05/19 15:41:10 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2012/05/19 15:41:10 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe
[2012/05/18 01:42:39 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/03/12 21:56:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/12 21:56:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/12 21:56:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/12 21:56:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/12 21:56:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/09 21:57:53 | 000,000,468 | ---- | C] () -- C:\Program Files (x86)\cod5key.reg
[2012/02/09 21:57:53 | 000,000,090 | ---- | C] () -- C:\Program Files (x86)\visit-forum.bat
[2012/02/07 01:19:01 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/07 01:19:01 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/10 18:16:49 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{378f9e5f-edf7-fe3a-963c-4d6fd8141575}\@
[2012/01/10 18:16:49 | 000,002,048 | -HS- | C] () -- C:\Users\Eric\AppData\Local\{378f9e5f-edf7-fe3a-963c-4d6fd8141575}\@
[2012/01/07 02:49:51 | 000,126,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/02 04:21:54 | 000,005,632 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/09 06:26:10 | 000,000,448 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/30 06:16:37 | 000,007,603 | ---- | C] () -- C:\Users\Eric\AppData\Local\resmon.resmoncfg
[2011/08/11 02:00:29 | 000,001,772 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile4.dat
[2011/08/10 22:51:33 | 000,003,240 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile3.dat
[2011/08/10 22:51:33 | 000,001,770 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile0.dat
[2011/08/10 22:51:33 | 000,001,768 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile1.dat
[2011/08/10 22:51:33 | 000,001,766 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile2.dat
[2011/08/10 22:41:56 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

========== LOP Check ==========

[2011/11/01 00:16:52 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DAEMON Tools Lite
[2012/06/12 16:12:48 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\foobar2000
[2011/11/29 02:34:10 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ICAClient
[2011/10/11 01:04:45 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ImgBurn
[2011/08/12 04:18:03 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Leadertech
[2011/11/20 01:43:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LolClient
[2012/04/16 04:32:02 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\RenPy
[2011/08/11 02:06:18 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SharePod
[2012/01/25 00:35:13 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SystemRequirementsLab
[2012/06/12 03:30:45 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\uTorrent
[2012/02/08 01:45:46 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Youtube Downloader HD
[2012/05/02 20:31:14 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software >

< Run date: 2012-06-12 15:15:46 >

< ----------------------------- >

< 15:15:46.054 OS Version: Windows x64 6.1.7600 >

< 15:15:46.054 Number of processors: 4 586 0xF0B >

< 15:15:46.055 ComputerName: ERIC-PC UserName: Eric >

< 15:15:49.224 Initialize success >

< 15:17:28.785 AVAST engine defs: 12061200 >

< 15:19:56.676 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 >

< 15:19:56.679 Disk 0 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953869MB BusType: 3 >

< 15:19:56.692 Disk 0 MBR read successfully >

< 15:19:56.694 Disk 0 MBR scan >

< 15:19:56.698 Disk 0 Windows 7 default MBR code >

< 15:19:56.702 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63 >
Invalid Switch: NTFS NTFS 953859 MB offset 63

< 15:19:56.716 Disk 0 scanning C:\Windows\system32\drivers >

< 15:20:03.549 Service scanning >

< 15:20:18.634 Modules scanning >

< 15:20:18.643 Disk 0 trace - called modules: >

< 15:20:18.665 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys >

< 15:20:18.670 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a40060] >

< 15:20:18.674 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa8004499e40] >

< 15:20:18.682 5 ACPI.sys[fffff88000ef8781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80047df060] >

< 15:20:20.471 AVAST engine scan C:\Windows >

< 15:20:23.804 AVAST engine scan C:\Windows\system32 >

< 15:20:59.380 File: C:\Windows\system32\msftesql.dll **INFECTED** Win64:ZAccess-E [Rtk] >

< 15:21:47.135 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk] >

< 15:21:48.944 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk] >

< 15:22:57.159 AVAST engine scan C:\Windows\system32\drivers >

< 15:23:06.491 AVAST engine scan C:\Users\Eric >

< 15:33:08.016 File: C:\Users\Eric\AppData\Local\{378f9e5f-edf7-fe3a-963c-4d6fd8141575}\n **INFECTED** Win32:Sirefef-PL [Rtk] >

< 15:41:49.998 AVAST engine scan C:\ProgramData >

< 15:44:23.779 Scan finished successfully >

< 15:48:38.386 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat" >

< 15:48:38.391 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt" >

< End of report >

Edited by HKim42, 12 June 2012 - 03:37 PM.


#5
Amlak

That's alright. If I don't specify a custom scan for you, then there is no need to add anything into the text field of OTL.

Ok, what I want you to do is open OTL again and, under the Extra Registry section, select Use SafeList.

Then select None for all the other sections including the File Scans section.

Then click Quick Scan.

Two logs should appear: OTL.txt and Extras.txt.

Ignore OTL.txt and only paste the contents of Extras.txt.

#6
HKim42

No Extras.txt appears when I do this.

#7
Amlak

In the same place where you last opened OTL, there should be a file called Extras.txt. If you see it, paste its contents. If not, let me know anyway.

#8
HKim42

There is only OTL.Txt at that location.

#9
Amlak

Ok, no problem. We can deal with that one later. Next fix to be posted once approved.

#10
Amlak

While waiting for the fix to be approved, I think I know why Extras.txt isn't showing up. I made a small mistake. Instead of Quick Scan, do a Run Scan.

In short, follow the steps below:

Ok, what I want you to do is open OTL again and, under the Extra Registry section, select Use SafeList.

Then select None for all the other sections including the File Scans section.

Then click Run Scan.

Two logs should appear: OTL.txt and Extras.txt.

Ignore OTL.txt and only paste the contents of Extras.txt.


#11
Amlak

In addition to the above, please do the following:

Step 1

  • Re-run aswMBR.exe
  • Click [Scan]
  • On completion of the scan, click the [Fix] button

Step 2

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    MOD - [2012/05/26 19:10:42 | 000,295,936 | ---- | M] () -- C:\Users\Eric\AppData\Local\Temp\cehtf.dll
    O4 - HKCU..\Run: [cehtf] C:\Users\Eric\AppData\Local\Temp\cehtf.dll ()
    
    :FILES
    C:\Users\Eric\AppData\Local\{378f9e5f-edf7-fe3a-963c-4d6fd8141575}
    C:\Windows\Installer\{378f9e5f-edf7-fe3a-963c-4d6fd8141575}
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    netsh winsock reset /c
    
    :COMMANDS
    [EMPTYTEMP]
    
  • Click the Run Fix button at the top.
  • When done, post the content of the resultant log in your next reply.

  • 0

#12
HKim42

Something bad happened the first time I tried to run the fix in OTL; I attached a picture. I ran it again, and it seems to have worked. Here are the logs.



OTL Extras logfile created on: 6/13/2012 12:04:27 PM - Run 8
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Eric\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 51.23% Memory free
8.00 Gb Paging File | 5.54 Gb Available in Paging File | 69.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 325.40 Gb Free Space | 34.93% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 134.04 Gb Free Space | 14.39% Space Free | Partition Type: NTFS

Computer Name: ERIC-PC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
"{537056B7-32A4-4408-9B54-0341963C7C9C}" = UltraMon
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EPSON Printer and Utilities" = EPSON Printer Software
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.1.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"sp6" = Logitech SetPoint 6.30
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java™ SE Development Kit 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7BE49DA7-EDA4-4C63-AA06-DCDF6858C3F3}" = Razer Mamba
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battle.net" = Battle.net
"BlueJ_is1" = BlueJ 3.0.5
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo" = Diablo
"foobar2000" = foobar2000 v1.1.8
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"GOM Player" = GOM Player
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IceChat_is1" = IceChat 7.70 (Build 20101031)
"ImgBurn" = ImgBurn
"Junipers_Knot" = Juniper's Knot
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nbi-nb-base-6.7.1.0.0" = NetBeans IDE 6.7.1
"nbi-nb-base-7.1.0.0.0" = NetBeans IDE 7.1
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PS3 Media Server" = PS3 Media Server
"Steam App 104700" = Super Monday Night Combat
"Steam App 13570" = Tom Clancy's Splinter Cell: Chaos Theory
"Steam App 30" = Day of Defeat
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 570" = Dota 2
"Steam App 65800" = Dungeon Defenders
"SystemRequirementsLab" = System Requirements Lab
"TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.8
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2012 2:50:34 AM | Computer Name = Eric-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fc7abbb Exception code: 0xc0000005 Fault offset: 0x6588e36c Faulting
process id: 0xb4c Faulting application start time: 0x01cd453da8937370 Faulting application
path: c:\program files (x86)\steam\steamapps\toldyouso\team fortress 2\hl2.exe Faulting
module path: filesystem_steam.dll Report Id: 3eabce8c-b136-11e1-a5b7-00248c29a362

Error - 6/8/2012 5:58:08 PM | Computer Name = Eric-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: jscript9.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4f4c2b71 Exception code: 0xc0000005 Fault offset: 0x67e2c505 Faulting
process id: 0xf50 Faulting application start time: 0x01cd45c0a5d7a06a Faulting application
path: C:\Windows\SysWOW64\ping.exe Faulting module path: jscript9.dll Report Id:
07d32ba7-b1b5-11e1-9f64-00248c29a362

Error - 6/9/2012 1:18:00 AM | Computer Name = Eric-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: jscript9.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4f4c2b71 Exception code: 0xc0000005 Fault offset: 0x67e2c505 Faulting
process id: 0x11b8 Faulting application start time: 0x01cd45fe99ff0ce3 Faulting application
path: C:\Windows\SysWOW64\ping.exe Faulting module path: jscript9.dll Report Id:
7ad3f152-b1f2-11e1-9f64-00248c29a362

Error - 6/10/2012 2:49:43 AM | Computer Name = Eric-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: jscript9.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4f4c2b71 Exception code: 0xc0000005 Fault offset: 0x670cc505 Faulting
process id: 0x164c Faulting application start time: 0x01cd46d4729679fb Faulting application
path: C:\Windows\SysWOW64\ping.exe Faulting module path: jscript9.dll Report Id:
74cbdd27-b2c8-11e1-b799-00248c29a362

Error - 6/10/2012 2:19:49 PM | Computer Name = Eric-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fc7abbb Exception code: 0xc0000005 Fault offset: 0x63eae36c Faulting
process id: 0x10b4 Faulting application start time: 0x01cd47344fa1bf6c Faulting application
path: c:\program files (x86)\steam\steamapps\toldyouso\team fortress 2\hl2.exe Faulting
module path: filesystem_steam.dll Report Id: dd208a24-b328-11e1-a393-00248c29a362

Error - 6/11/2012 3:14:45 AM | Computer Name = Eric-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 13.0.0.4535,
time stamp: 0x4fc8de63 Faulting module name: NPSWF32_11_3_300_257.dll_unloaded,
version: 0.0.0.0, time stamp: 0x4fc821fc Exception code: 0xc0000005 Fault offset:
0x5fdf9903 Faulting process id: 0xefc Faulting application start time: 0x01cd479ad9052d3e
Faulting
application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting
module path: NPSWF32_11_3_300_257.dll Report Id: 1eb8c6d5-b395-11e1-a393-00248c29a362

Error - 6/11/2012 7:51:11 PM | Computer Name = Eric-PC | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 12.0.6661.5000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1510 Start
Time: 01cd4823961db077 Termination Time: 10 Application Path: C:\Program Files (x86)\Microsoft
Office\Office12\WINWORD.EXE Report Id: 4941ac5c-b420-11e1-b86a-00248c29a362

Error - 6/12/2012 5:17:09 PM | Computer Name = Eric-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerPlugin_11_3_300_257.exe, version:
11.3.300.257, time stamp: 0x4fc82063 Faulting module name: NPSWF32_11_3_300_257.dll,
version: 11.3.300.257, time stamp: 0x4fc821fc Exception code: 0xc0000005 Fault offset:
0x0016b4ac Faulting process id: 0xd98 Faulting application start time: 0x01cd48e04d89ca2b
Faulting
application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Faulting
module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Report
Id: f77a5d58-b4d3-11e1-815c-00248c29a362

Error - 6/12/2012 10:05:15 PM | Computer Name = Eric-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 13.0.0.4535,
time stamp: 0x4fc8de63 Faulting module name: NPSWF32_11_3_300_257.dll_unloaded,
version: 0.0.0.0, time stamp: 0x4fc821fc Exception code: 0xc0000005 Fault offset:
0x63979903 Faulting process id: 0xc8c Faulting application start time: 0x01cd48e818688024
Faulting
application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting
module path: NPSWF32_11_3_300_257.dll Report Id: 36ce9a5e-b4fc-11e1-815c-00248c29a362

Error - 6/12/2012 10:19:31 PM | Computer Name = Eric-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.48.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 12a0 Start Time:
01cd490a519bbce4 Termination Time: 0 Application Path: C:\Users\Eric\Downloads\OTL.exe

Report
Id:

[ OSession Events ]
Error - 2/22/2012 11:47:28 PM | Computer Name = Eric-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 952
seconds with 480 seconds of active time. This session ended with a crash.

Error - 6/4/2012 1:02:22 AM | Computer Name = Eric-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7757
seconds with 1140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/14/2012 10:40:08 AM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 2/14/2012 9:39:18 PM | Computer Name = Eric-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/16/2012 2:21:46 PM | Computer Name = Eric-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 2/16/2012 2:21:49 PM | Computer Name = Eric-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/20/2012 7:02:11 PM | Computer Name = Eric-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/22/2012 11:16:16 PM | Computer Name = Eric-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/23/2012 12:11:37 AM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 2/23/2012 12:11:37 AM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 2/23/2012 1:20:56 AM | Computer Name = Eric-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/23/2012 4:38:50 AM | Computer Name = Eric-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cehtf not found.
File C:\Users\Eric\AppData\Local\Temp\cehtf.dll not found.
========== FILES ==========
File\Folder C:\Users\Eric\AppData\Local\{378f9e5f-edf7-fe3a-963c-4d6fd8141575} not found.
File\Folder C:\Windows\Installer\{378f9e5f-edf7-fe3a-963c-4d6fd8141575} not found.
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
< netsh winsock reset /c >
The following helper DLL cannot be loaded: WSHELPER.DLL.
The following command was not found: winsock reset.
C:\Users\Eric\Downloads\cmd.bat deleted successfully.
C:\Users\Eric\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Eric
->Temp folder emptied: 190689505 bytes
->Temporary Internet Files folder emptied: 73548549 bytes
->Java cache emptied: 8506 bytes
->FireFox cache emptied: 277054476 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 49989 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7849189 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51137 bytes
RecycleBin emptied: 352528449 bytes

Total Files Cleaned = 860.00 mb


OTL by OldTimer - Version 3.2.48.0 log created on 06132012_121023

Files\Folders moved on Reboot...
C:\Users\Eric\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Eric\AppData\Local\Temp\~DFD1C9B3F2BC2B5F17.TMP not found!
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGI24E0D\ADSAdClient31[3].htm moved successfully.
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGI24E0D\Banner[4].htm moved successfully.

Registry entries deleted on Reboot...

Attached Thumbnails

  • otl.png

Edited by HKim42, 13 June 2012 - 10:18 AM.

  • 0
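A check on the fix log in the post above, as an added example that is not part of the thread or of OTL itself: it sorts each log line by outcome so that targets actually removed, targets that were already absent, and commands that failed are reported separately. The log lines are copied from the post; treating every line after a `< command >` header as that command's output (until the next section) is an assumption about the log layout.

```python
import re
from collections import namedtuple

# Lines copied verbatim from the OTL 3.2.48.0 fix log posted above.
FIX_LOG = r"""All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cehtf not found.
File C:\Users\Eric\AppData\Local\Temp\cehtf.dll not found.
========== FILES ==========
File\Folder C:\Users\Eric\AppData\Local\{378f9e5f-edf7-fe3a-963c-4d6fd8141575} not found.
File\Folder C:\Windows\Installer\{378f9e5f-edf7-fe3a-963c-4d6fd8141575} not found.
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
< netsh winsock reset /c >
The following helper DLL cannot be loaded: WSHELPER.DLL.
The following command was not found: winsock reset.
C:\Users\Eric\Downloads\cmd.bat deleted successfully.
C:\Users\Eric\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
"""

Entry = namedtuple("Entry", "section kind target outcome")

SECTION = re.compile(r"^=+ (.+?) =+$")        # ========== FILES ==========
COMMAND = re.compile(r"^< (.+?) >$")          # < netsh winsock reset /c >
# Only the line shapes that appear in the posted log are recognised.
NOT_FOUND = re.compile(r"^(Registry value|File\\Folder|File) (.+) not found[.!]$")
DONE = re.compile(r"^(.+) (deleted|moved) successfully\.$")
CMD_ERROR = re.compile(r"cannot be loaded|was not found", re.IGNORECASE)


def parse_fix_log(text):
    """Return one Entry per fix target or command found in the log."""
    entries, section, in_command = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, in_command = m.group(1), False
            continue
        m = COMMAND.match(line)
        if m:
            entries.append(Entry(section, "Command", m.group(1), "ran"))
            in_command = True
            continue
        if in_command:
            # Assumption: these lines are the command's own output,
            # including cleanup of the helper files it ran from.
            if CMD_ERROR.search(line):
                entries[-1] = entries[-1]._replace(outcome="failed")
            continue
        m = NOT_FOUND.match(line)
        if m:
            entries.append(Entry(section, m.group(1), m.group(2), "not found"))
            continue
        m = DONE.match(line)
        if m:
            entries.append(Entry(section, "File", m.group(1), m.group(2)))
    return entries


def summarize(entries):
    """Group entries into removed / already absent / failed commands."""
    targets = [e for e in entries if e.kind != "Command"]
    return {
        "targets": len(targets),
        "removed": [e.target for e in targets
                    if e.outcome in ("deleted", "moved")],
        "not_found": [e.target for e in targets if e.outcome == "not found"],
        "failed_commands": [e.target for e in entries
                            if e.kind == "Command" and e.outcome == "failed"],
    }


if __name__ == "__main__":
    report = summarize(parse_fix_log(FIX_LOG))
    print(f"{report['targets']} targets, "
          f"{len(report['removed'])} removed, "
          f"{len(report['not_found'])} not found")
    for cmd in report["failed_commands"]:
        print("command failed:", cmd)
```

A run in which every target comes back "not found" removed nothing itself, so the follow-up scan is what confirms the state of the machine.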

#13
Amlak

Do you have MalwareBytes' AntiMalware running in the background by any chance? If so, this may have caused OTL fix to stop working the first time. I should've told you to disable it before running the fix. But since it worked out the second time, it's all good for now.

Anyway, how's your computer going right now? Still having redirect problems and such?

What I want you to do next is re-run aswMBR.exe and click Scan. Once the scan is done, click Save log, save it to the Desktop, and paste its content in your next reply.

Also, I see from the event logs that there was an issue a while back with one of the drives (a controller error). Was this issue ever addressed? Either way, just to be on the safe side, please do the following:

  • Double-click My Computer, and then right-click G:.
  • Click Properties, and then click Tools.
  • Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
  • Select the Automatically fix file system errors check box.
  • Select the Scan for and attempt recovery of bad sectors check box, and then click Start.

You may receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?

Click Yes to schedule the disk check, and then restart your computer to start the disk check.

When the disk check starts, check the screen every now and then to see if any errors and/or bad clusters/sectors are mentioned. If so, do let me know. You don't have to be precise with the details, just let me know (after the disk check is done) whether or not it sees (and even fixes/repairs) errors and bad sectors.
  • 0

#14
HKim42

Thanks, I don't think I'm still getting ads in Firefox anymore, but I'm not entirely sure. I am still unable to turn on Windows Firewall though; it says "windows firewall can't change some of your settings error code 0x80070424". Is it really necessary that I sit around and watch for the disk check? I can run it overnight, but I don't really have time to sit around unable to use the computer waiting for the check right now. It's just a portable hard drive that contains almost entirely videos. Anyways, here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-12 15:15:46
-----------------------------
15:15:46.054 OS Version: Windows x64 6.1.7600
15:15:46.054 Number of processors: 4 586 0xF0B
15:15:46.055 ComputerName: ERIC-PC UserName: Eric
15:15:49.224 Initialize success
15:17:28.785 AVAST engine defs: 12061200
15:19:56.676 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
15:19:56.679 Disk 0 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953869MB BusType: 3
15:19:56.692 Disk 0 MBR read successfully
15:19:56.694 Disk 0 MBR scan
15:19:56.698 Disk 0 Windows 7 default MBR code
15:19:56.702 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
15:19:56.716 Disk 0 scanning C:\Windows\system32\drivers
15:20:03.549 Service scanning
15:20:18.634 Modules scanning
15:20:18.643 Disk 0 trace - called modules:
15:20:18.665 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:20:18.670 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a40060]
15:20:18.674 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa8004499e40]
15:20:18.682 5 ACPI.sys[fffff88000ef8781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80047df060]
15:20:20.471 AVAST engine scan C:\Windows
15:20:23.804 AVAST engine scan C:\Windows\system32
15:20:59.380 File: C:\Windows\system32\msftesql.dll **INFECTED** Win64:ZAccess-E [Rtk]
15:21:47.135 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:21:48.944 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:22:57.159 AVAST engine scan C:\Windows\system32\drivers
15:23:06.491 AVAST engine scan C:\Users\Eric
15:33:08.016 File: C:\Users\Eric\AppData\Local\{378f9e5f-edf7-fe3a-963c-4d6fd8141575}\n **INFECTED** Win32:Sirefef-PL [Rtk]
15:41:49.998 AVAST engine scan C:\ProgramData
15:44:23.779 Scan finished successfully
15:48:38.386 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
15:48:38.391 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-15 17:23:26
-----------------------------
17:23:26.428 OS Version: Windows x64 6.1.7600
17:23:26.428 Number of processors: 4 586 0xF0B
17:23:26.429 ComputerName: ERIC-PC UserName: Eric
17:23:28.780 Initialize success
17:24:54.119 AVAST engine defs: 12061501
17:25:09.445 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
17:25:09.447 Disk 0 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953869MB BusType: 3
17:25:09.454 Disk 0 MBR read successfully
17:25:09.457 Disk 0 MBR scan
17:25:09.461 Disk 0 Windows 7 default MBR code
17:25:09.464 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
17:25:09.478 Disk 0 scanning C:\Windows\system32\drivers
17:25:16.812 Service scanning
17:25:32.779 Modules scanning
17:25:32.787 Disk 0 trace - called modules:
17:25:32.803 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:25:32.807 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a3f060]
17:25:32.810 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa80047c8e40]
17:25:32.817 5 ACPI.sys[fffff88000f02781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80047de060]
17:25:34.917 AVAST engine scan C:\Windows
17:25:38.409 AVAST engine scan C:\Windows\system32
17:28:08.761 AVAST engine scan C:\Windows\system32\drivers
17:28:34.618 AVAST engine scan C:\Users\Eric
17:44:28.777 AVAST engine scan C:\ProgramData
17:47:01.381 Scan finished successfully
17:47:24.956 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
17:47:24.965 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"
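The aswMBR.txt in the post above holds two appended runs, and comparing them by hand is error-prone. The following is an added example, not part of the original thread or of aswMBR itself: it splits such a log into runs and classifies each flagged path as cleared, persisting or new. The function names are hypothetical, and the sample is a constructed excerpt that keeps only the run-date, detection and completion lines from the log above.

```python
import re

# Constructed sample: run-date, detection and completion lines excerpted from
# the two runs in the aswMBR.txt pasted above; all other log lines are omitted.
SAMPLE_LOG = r"""Run date: 2012-06-12 15:15:46
15:20:59.380 File: C:\Windows\system32\msftesql.dll **INFECTED** Win64:ZAccess-E [Rtk]
15:21:47.135 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:21:48.944 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:33:08.016 File: C:\Users\Eric\AppData\Local\{378f9e5f-edf7-fe3a-963c-4d6fd8141575}\n **INFECTED** Win32:Sirefef-PL [Rtk]
15:44:23.779 Scan finished successfully

Run date: 2012-06-15 17:23:26
17:47:01.381 Scan finished successfully
"""

DETECTION = re.compile(r"^\d\d:\d\d:\d\d\.\d{3} File: (.+) \*\*INFECTED\*\* (.+)$")

def parse_runs(text):
    """Split an appended aswMBR.txt into runs: date, completion flag, {path: name}."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Run date:"):
            runs.append({"date": line[len("Run date:"):].strip(),
                         "finished": False, "detections": {}})
        elif not runs:
            continue  # ignore anything before the first run header
        elif line.endswith("Scan finished successfully"):
            runs[-1]["finished"] = True
        else:
            m = DETECTION.match(line)
            if m:
                # Windows paths are case-insensitive, so normalise before comparing.
                runs[-1]["detections"][m.group(1).lower()] = m.group(2)
    return runs

def compare(before, after):
    """Classify flagged paths across two runs; only trust a completed later scan."""
    b, a = set(before["detections"]), set(after["detections"])
    return {"cleared": sorted(b - a), "persisting": sorted(b & a),
            "new": sorted(a - b), "conclusive": after["finished"]}

if __name__ == "__main__":
    runs = parse_runs(SAMPLE_LOG)
    first, last = runs[0], runs[-1]
    result = compare(first, last)
    print(first["date"], "->", last["date"], "conclusive:", result["conclusive"])
    for path in result["cleared"]:
        print("cleared:", path, "(" + first["detections"][path] + ")")
```

A path counts as cleared only when the later run reached "Scan finished successfully"; an interrupted scan leaves `conclusive` false and the comparison should be repeated.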

#15
Amlak

Ok, run the chkdsk overnight if you must. We should be able to get the results of that chkdsk later.

As for the firewall issue, next post to come soon once approved.