Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win32/heur found from AVG

Started by riovas , Jul 05 2011 06:16 AM

  • Please log in to reply

#1
riovas
Posted 05 July 2011 - 06:16 AM

riovas

    New Member

  • Member
  • Pip
  • 1 posts
Hey guys!

About two months ago I got the win32/heur virus that pretty much took over my laptop. However, AVG free-edition 2011 was able to turn on and contain most of the virus, and from there I was able to download Malwarebyte's Anti-malware (MBAM) to remove all threats, and finally did system restore to about two weeks prior. Since then my computer was fairly normal, and did several suns with MBAM and no threats have been detected.

Yesterday MBAM warned me of a spyware.passwords.xgen and was successfully quarantined. I decided to remove this and do a full scan with MBAM. The log said there were no other threats or anything malicious fond. I then decided to do a full scan with AVG Free-edition 2011 and the report showed 15 threats of win32/heur, only 2 of which could be cured and healed.

I was wondering if anyone can help me remove the rest of the win32/heur and the spyware.passwords.xgen if it is still around.

I do not use this laptop for any financial accounts, however i do use it for school assignments and email.
Below is the OTL.txt log from OTL as well as the extras.txt

Any help would be very appreciated! Thank you!

OTL logfile created on: 7/5/2011 7:53:30 AM - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Windsors\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 57.45% Memory free
7.68 Gb Paging File | 6.11 Gb Available in Paging File | 79.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.39 Gb Total Space | 122.62 Gb Free Space | 42.96% Space Free | Partition Type: NTFS
Drive D: | 12.69 Gb Total Space | 1.99 Gb Free Space | 15.67% Space Free | Partition Type: NTFS
Drive E: | 620.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WINDSORS-PC | User Name: Windsors | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/05 07:52:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Windsors\Desktop\OTL.exe
PRC - [2011/06/22 15:03:49 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/03 15:48:36 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\SCClient.exe
PRC - [2008/11/28 21:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/07/05 07:52:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Windsors\Desktop\OTL.exe
MOD - [2011/01/20 14:23:32 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2010/05/19 07:30:53 | 005,812,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MOD - [2008/07/27 14:03:11 | 000,018,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
MOD - [2008/01/20 22:50:15 | 002,085,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2006/11/02 05:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/01/21 20:33:14 | 000,943,104 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2009/01/13 11:18:40 | 000,089,088 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7af0d372\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2009/01/08 07:07:56 | 000,279,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7af0d372\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/03/18 19:25:40 | 000,023,040 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/03 15:48:32 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Disabled | Stopped] -- C:\Program Files (x86)\SafeConnect\scManager.sys -- (SCManager)
SRV - [2010/05/04 05:28:18 | 000,076,800 | ---- | M] (Aspen Technology Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\AspenTech\Aspen Remote Simulation Service V7.2\AspenTech.AspenCxs.RemotingSvc.exe -- (Aspen Remote Simulation Service V7.2)
SRV - [2010/04/14 17:51:18 | 001,648,480 | ---- | M] (ClanServers Hosting LLC) [Disabled | Stopped] -- C:\Program Files (x86)\GameTracker\GSInGameService.exe -- (GS In-Game Service)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/09/25 14:54:04 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/21 20:31:34 | 000,075,064 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/26 20:13:08 | 000,296,320 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/11/26 20:13:08 | 000,116,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/04/22 14:14:20 | 000,802,816 | R--- | M] (Honeywell International Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Honeywell\SimStation\SimStation.exe -- (SimStation)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/04 23:13:56 | 000,150,520 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\dwprot.sys -- (DwProt)
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/14 21:28:12 | 000,117,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:34 | 000,026,704 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:22 | 000,029,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/10/08 11:21:29 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/15 21:31:41 | 000,290,824 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/07/09 15:16:16 | 000,048,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/21 21:00:54 | 005,105,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/01/20 10:49:48 | 000,195,584 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/01/08 07:07:56 | 000,469,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/29 20:31:48 | 000,068,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/12/20 03:03:08 | 001,344,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/12/04 18:55:12 | 000,261,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/09/04 13:48:00 | 000,064,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/05/28 20:54:18 | 000,026,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/04/28 04:25:06 | 000,016,400 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/26 22:25:10 | 000,041,280 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\ZDCNDIS6a64.sys -- (ZDCNDIS6a64)
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/11/28 21:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/07/18 03:02:06] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/intl/xx-hacker/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:1.1.3
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.150
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1387
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.71

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Windsors\AppData\Roaming\Mozilla\Firefox\Profiles\w8p6rxio.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPGameWebStarter: C:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF:64bit: - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Windsors\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF:64bit: - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Windsors\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF:64bit: - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Windsors\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF:64bit: - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Windsors\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Windsors\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Windsors\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/06/24 18:00:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/22 15:03:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/05 07:43:46 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/06/24 18:00:32 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/22 15:03:51 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/05 07:43:46 | 000,000,000 | ---D | M]

[2009/08/29 09:10:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windsors\AppData\Roaming\Mozilla\Extensions
[2011/05/11 08:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windsors\AppData\Roaming\Mozilla\Firefox\Profiles\w8p6rxio.default\extensions
[2011/03/14 21:21:32 | 000,000,000 | ---D | M] () -- C:\Users\Windsors\AppData\Roaming\Mozilla\Firefox\Profiles\w8p6rxio.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2011/03/09 20:50:48 | 000,000,000 | ---D | M] ("LittleFox") -- C:\Users\Windsors\AppData\Roaming\Mozilla\Firefox\Profiles\w8p6rxio.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2011/03/09 20:57:23 | 000,000,000 | ---D | M] (Destroy the Web) -- C:\Users\Windsors\AppData\Roaming\Mozilla\Firefox\Profiles\w8p6rxio.default\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}
[2009/11/26 19:53:25 | 000,000,000 | ---D | M] (MushroomKingdom) -- C:\Users\Windsors\AppData\Roaming\Mozilla\Firefox\Profiles\w8p6rxio.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2009/08/29 11:53:45 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Windsors\AppData\Roaming\Mozilla\Firefox\Profiles\w8p6rxio.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
[2009/08/29 11:46:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Windsors\AppData\Roaming\Mozilla\Firefox\Profiles\w8p6rxio.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/27 12:42:49 | 000,000,000 | ---D | M] (MoZelda) -- C:\Users\Windsors\AppData\Roaming\Mozilla\Firefox\Profiles\w8p6rxio.default\extensions\{f7ec1807-0076-495a-949c-eaf4716fe412}
[2011/03/16 22:21:20 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Windsors\AppData\Roaming\Mozilla\Firefox\Profiles\w8p6rxio.default\extensions\[email protected]
[2011/04/13 18:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/06 10:59:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/24 18:00:32 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2010/12/03 13:20:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/08/06 10:59:09 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [EPSON Stylus NX400 Series] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Windsors\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Windsors\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{172f956b-c804-11de-9bbe-00269e231eb6}\Shell - "" = AutoRun
O33 - MountPoints2\{172f956b-c804-11de-9bbe-00269e231eb6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/05 07:52:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Windsors\Desktop\OTL.exe
[2011/07/05 07:47:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/07/05 07:47:53 | 000,000,000 | ---D | C] -- C:\Users\Windsors\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/05 07:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/07/05 07:41:59 | 000,000,000 | ---D | C] -- C:\Users\Windsors\AppData\Local\Adobe
[2011/07/04 23:17:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/07/04 19:29:38 | 000,000,000 | ---D | C] -- C:\Users\Windsors\AppData\Roaming\AVG
[2011/07/04 19:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/07/04 17:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/06/30 22:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/30 22:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPod
[2011/06/30 22:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/30 22:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/06/30 22:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/06/30 22:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/06/30 22:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/30 22:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/06/30 22:41:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/25 15:16:49 | 000,000,000 | ---D | C] -- C:\Users\Windsors\AppData\Roaming\GetRightToGo
[2011/06/25 15:16:49 | 000,000,000 | ---D | C] -- C:\Users\Windsors\Documents\Downloads
[2011/06/20 13:15:42 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/20 13:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/05 07:52:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Windsors\Desktop\OTL.exe
[2011/07/05 07:47:53 | 000,001,966 | ---- | M] () -- C:\Users\Windsors\Desktop\HiJackThis.lnk
[2011/07/05 07:46:04 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/05 07:43:46 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/05 07:38:05 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-354492430-2953659748-3219889498-1000UA.job
[2011/07/05 07:36:49 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/05 07:36:49 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/05 07:36:37 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/05 07:36:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/05 07:36:21 | 4024,258,560 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/04 23:17:31 | 680,699,864 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/04 23:13:56 | 000,150,520 | ---- | M] () -- C:\Windows\SysNative\drivers\dwprot.sys
[2011/07/04 18:51:32 | 121,057,736 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/07/04 18:38:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-354492430-2953659748-3219889498-1000Core.job
[2011/07/04 17:41:29 | 000,001,408 | ---- | M] () -- C:\Users\Windsors\Documents\cc_20110704_174127.reg
[2011/07/04 17:40:48 | 000,046,736 | ---- | M] () -- C:\Users\Windsors\Documents\cc_20110704_174041.reg
[2011/07/04 17:32:02 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/30 22:47:38 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/30 08:32:32 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/30 08:32:32 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/30 08:32:32 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/29 11:52:13 | 000,087,765 | ---- | M] () -- C:\Users\Windsors\Desktop\Tyler Windsor - Resume.pdf
[2011/06/24 18:00:39 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/06/20 13:15:42 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/16 15:12:39 | 000,002,609 | ---- | M] () -- C:\Users\Windsors\Desktop\Excel.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/05 07:47:53 | 000,001,966 | ---- | C] () -- C:\Users\Windsors\Desktop\HiJackThis.lnk
[2011/07/05 07:42:29 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/05 07:42:29 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/04 23:15:36 | 680,699,864 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/07/04 23:13:56 | 000,150,520 | ---- | C] () -- C:\Windows\SysNative\drivers\dwprot.sys
[2011/07/04 17:41:28 | 000,001,408 | ---- | C] () -- C:\Users\Windsors\Documents\cc_20110704_174127.reg
[2011/07/04 17:40:43 | 000,046,736 | ---- | C] () -- C:\Users\Windsors\Documents\cc_20110704_174041.reg
[2011/07/04 17:32:02 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/30 22:47:38 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/30 22:47:23 | 000,126,312 | ---- | C] () -- C:\Windows\SysNative\GEARAspi64.dll
[2011/06/30 22:47:23 | 000,034,152 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/06/29 11:52:12 | 000,087,765 | ---- | C] () -- C:\Users\Windsors\Desktop\Tyler Windsor - Resume.pdf
[2011/06/20 13:15:42 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/20 13:15:37 | 000,025,912 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/18 07:51:05 | 000,000,344 | ---- | C] () -- C:\ProgramData\42917624
[2011/05/05 01:28:10 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/01/12 16:12:55 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011/01/12 16:12:55 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010/05/31 16:33:53 | 000,007,052 | -H-- | C] () -- C:\Users\Windsors\AppData\Local\d3d9caps.dat
[2010/03/25 19:20:59 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/12/24 15:55:39 | 000,000,040 | ---- | C] () -- C:\Windows\SysWow64\2Wire.ini
[2009/12/24 15:55:29 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\NB-WGASW.ini
[2009/11/23 13:58:53 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/10/09 23:14:41 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2009/10/09 23:14:03 | 000,000,021 | ---- | C] () -- C:\Windows\clofghls.dll
[2009/10/02 12:27:40 | 000,000,732 | -H-- | C] () -- C:\Users\Windsors\AppData\Local\d3d9caps64.dat
[2009/09/28 20:36:40 | 000,011,264 | ---- | C] () -- C:\Users\Windsors\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/21 20:31:35 | 000,189,480 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/09/21 20:31:34 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/09/21 20:31:34 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/08/29 11:35:46 | 000,027,528 | ---- | C] () -- C:\Users\Windsors\AppData\Roaming\UserTile.png
[2009/07/18 05:55:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/03/01 22:56:44 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/03/01 22:56:44 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/01/21 19:51:52 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/07/12 09:01:16 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\libbz2.dll
[2007/07/12 09:01:14 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BPCompressor.dll
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/01/27 11:09:50 | 001,371,136 | R--- | C] () -- C:\Windows\SysWow64\XPOPT32.DLL

========== LOP Check ==========

[2010/10/18 08:57:03 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\.minecraft
[2009/08/29 09:20:20 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\acccore
[2011/03/09 00:45:43 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\AspenTech
[2011/07/04 19:30:03 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\AVG
[2010/10/16 22:29:52 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\AVG10
[2011/07/04 17:37:30 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\DAEMON Tools Pro
[2010/09/08 15:45:53 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\Dropbox
[2009/08/30 12:08:25 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\fltk.org
[2010/08/24 08:22:27 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\GameTracker
[2011/06/25 15:18:18 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\GetRightToGo
[2011/01/24 15:07:05 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\gtk-2.0
[2010/05/10 18:20:32 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\Honeywell
[2010/09/25 22:23:01 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\My Games
[2009/09/18 20:15:26 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\Notepad++
[2010/08/06 11:10:41 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\OpenOffice.org
[2009/08/29 11:35:46 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\PeerNetworking
[2010/06/29 09:53:30 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\SystemRequirementsLab
[2011/01/17 23:41:30 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\Unity
[2011/02/28 00:48:18 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\Walgreens
[2009/08/29 23:10:21 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\WildTangent
[2011/03/21 10:02:53 | 000,000,000 | ---D | M] -- C:\Users\Windsors\AppData\Roaming\Wireshark
[2011/07/04 23:45:22 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:37A07959

< End of report >

And here the Extras.txt

OTL Extras logfile created on: 7/5/2011 7:53:30 AM - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Windsors\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 57.45% Memory free
7.68 Gb Paging File | 6.11 Gb Available in Paging File | 79.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.39 Gb Total Space | 122.62 Gb Free Space | 42.96% Space Free | Partition Type: NTFS
Drive D: | 12.69 Gb Total Space | 1.99 Gb Free Space | 15.67% Space Free | Partition Type: NTFS
Drive E: | 620.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WINDSORS-PC | User Name: Windsors | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-354492430-2953659748-3219889498-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5074E8F8-0389-4625-ABD5-60054F553849}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03665981-8087-49D0-8248-6070CE288D59}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{081B812D-1C8F-4945-94D8-83DDECB12B55}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{0CA33422-6B14-4ACB-88C4-A57F6FFFFBFE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{11DAD72B-EE8B-4193-BF38-946D451DE81B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{12E39C52-8B3A-4772-9319-D1D1CFB53431}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1B4FF727-294B-4F83-9E21-AB11F8836D99}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{21DFD254-E5F2-4218-9007-5F6EE7B6BB0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{225F348A-77A5-47FC-9720-1FD2239591DB}" = protocol=17 | dir=in | app=c:\program files\d-link\shareport utility\connect.exe |
"{24ECF9B6-FFFE-42A1-9253-50ADE681668C}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{2A4DD4AF-61C2-4465-A31F-3D7711C7E415}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\honeywell\simstation\simstation.exe |
"{2CC847F4-1999-4BA9-88F4-CEF657F21462}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{2DC3BBB1-BA98-493C-972A-206D2A11DEA0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3373B2EB-0DAF-4F9C-8D66-1AAF54311F99}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{38169D85-FF49-4FC4-A76D-2ED368E85A68}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{392E48EE-CC6D-4578-BA8B-71521DE2D344}" = protocol=6 | dir=in | app=c:\program files (x86)\aspentech\amsystem v7.2\bin\aspenmodeler.exe |
"{3FC3DEB2-83D7-43D8-AC06-43461CEC2ED0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{4590B569-7E0F-46F3-851D-DFE820FE3281}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{45E4845D-F9C6-43EB-B14B-BC76B840C252}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{4CBDC91C-5D58-4E17-BAF3-28BEA5E082FC}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{4CF68C05-DB04-40E5-B146-B87FABCB2AD0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{6A04041C-52BA-4587-9BD6-577AAD799FCB}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{6B7A4449-096F-47EB-AB43-33FFDC51A266}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{756794BA-7ADB-44DF-A405-EDD596D5FE05}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{7B67FA05-E8E1-49C1-A993-923A38B0FA8E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{82A1E031-C307-4BD3-89DA-412D47C32235}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8484A919-607A-46C6-84AC-B4F0797E75BC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{848AD6C9-E811-4AD0-B2BF-DB9F63BF58F7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8651D03E-9C16-498B-A1BC-CE0E4274A591}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{89A5F000-A5F4-4AD1-8E7A-3D752F07F73A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{903C45B4-5624-4FB2-9233-AE939A6D9F47}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\honeywell\simstation\commutewizard.exe |
"{95F91F20-E4C5-428E-9BB0-7D2BFEE93F13}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9A41B3D7-082C-4737-A3C5-FCF5E31D2EAE}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{9CB35D02-9138-47FB-9A44-7D8E9880B72D}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{AC71E175-C6A7-4A03-90EE-74C154D46678}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{AEA02B26-36E2-41E1-AD80-738C3606EFF0}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{AF457EB3-9951-4207-A662-D496451CDB2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{B059D320-FD68-462C-804C-0C03403FBDBE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B39AD60D-481A-4431-B8E7-A08345BAEE71}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{B71CC12E-0046-4240-95EA-F8558DCD9932}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{B9B368DC-EF01-49F4-AC59-1B3505215C60}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BD980FFC-4087-4A94-BDF9-E837B9511860}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{BDEAD1B1-D3AD-425A-96DE-C81DCE6782B7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\honeywell\simstation\simstation.exe |
"{C75B4F48-EF13-4803-BD22-4A0FB303A01F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CC036785-F1FC-4436-9779-27C1B32B9C7E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{CEAAC1B8-EE0C-455E-AEB6-9EF1FF15D5CF}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{DDD2D715-A13D-48E1-AEA8-405B88789840}" = protocol=6 | dir=in | app=c:\program files\d-link\shareport utility\connect.exe |
"{E3960C65-FF9A-4943-8D1D-D2EAC29A9C36}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{EA5AABDE-050F-4264-B7C3-B62DB6ED2F4A}" = protocol=17 | dir=in | app=c:\program files (x86)\aspentech\amsystem v7.2\bin\aspenmodeler.exe |
"{EA7F26D7-57AC-4246-BF33-BE491AEA3C79}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\honeywell\simstation\commutewizard.exe |
"{F236D59C-DC17-4D70-AB21-BC9BA47DBD2D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FF1FEAA5-2769-40EC-82F2-CD13C9F708CE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"TCP Query User{77A8E45F-824A-4ACA-89B6-56EDABF0B660}C:\nexon\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"TCP Query User{DD037892-192D-44C5-B5E5-2571CDB2B47D}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{DE00D2CA-B921-4D2B-82BF-F8F2B4281610}C:\users\windsors\desktop\games\mmdm\skulltag.exe" = protocol=6 | dir=in | app=c:\users\windsors\desktop\games\mmdm\skulltag.exe |
"UDP Query User{002E8CEA-8B75-44D6-A0CF-7FC594586E3F}C:\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"UDP Query User{6F85B5E9-41E0-4B2F-B7A9-906254BD20F4}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"UDP Query User{F729C982-4D57-4E15-AFDF-858E9B314089}C:\users\windsors\desktop\games\mmdm\skulltag.exe" = protocol=17 | dir=in | app=c:\users\windsors\desktop\games\mmdm\skulltag.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4044201A-8576-2999-1166-96C5593F3CFF}" = ATI Catalyst Install Manager
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.4.1
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{78DC83C7-7E9D-4518-8DFE-C8BBF69173D9}" = AVG 2011
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{C92556F2-4950-48CF-ABA3-F0026B05BCE8}" = Microsoft SQL Server 2005 Backward compatibility
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF1FFBA0-5851-46D1-90E8-818E4E75CCCF}" = AVG 2011
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"AVG" = AVG 2011
"CCleaner" = CCleaner
"EPSON Stylus NX400 Series" = EPSON Stylus NX400 Series Printer Uninstall
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Recuva" = Recuva
"SharePort Utility" = SharePort Utility
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{186A63A2-4256-43C6-8061-95EF77A5CDB6}" = Sid Meier's Civilization 4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{303D2831-5F43-4FF6-89CB-C165AD8F53D4}" = Polymath Educational
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{36E90C09-EB23-4EAC-8B47-12C0CA5DBD3A}" = HP User Guides 0126
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{418D5410-7A7B-315F-0CF9-A76BC6C131DC}" = Catalyst Control Center InstallProxy
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6BFD1B08-1458-4FC7-B080-995F45B0D211}" = Honeywell UniSim ThermoWorkbench R360
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F05B89E-2873-11D5-9E9D-0050DA1EA555}" = Myst III: Exile
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B09CBB28-CC65-4427-A583-7A5A601B5A0E}" = Process Modeling (Aspen Plus) V7.2
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0379E71-7CB9-893E-1A20-9581E10999EC}" = Catalyst Control Center InstallProxy
"{D83DB934-A186-4A96-A2B9-FF333BAB2D6A}" = Process Modeling (HYSYS) V7.2
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B01D6C-DC51-4800-A83B-6AD2E7FD3276}" = Honeywell UniSim Design R380
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Big Kahuna Reef_is1" = Big Kahuna Reef
"Coffee Rush_is1" = Coffee Rush
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Arms" = Combat Arms
"Diner Dash_is1" = Diner Dash
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EPSON Scanner" = EPSON Scan
"Fallout Collection" = Fallout Collection
"Farm Frenzy_is1" = Farm Frenzy
"GameTracker Lite" = GameTracker Lite
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Notepad++" = Notepad++
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.90
"SafeConnect" = SafeConnect
"Shin Megami Tensei: Imagine Online" = Shin Megami Tensei: Imagine Online
"Steam App 17530" = D.I.P.R.I.P. Warm Up
"Steam App 17570" = Pirates, Vikings, & Knights II
"Steam App 17730" = Smashball
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"Tiberian Sun" = Command & Conquer Tiberian Sun
"VLC media player" = VLC media player 1.0.2
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"Wireshark" = Wireshark 1.4.4
"WOLAPI" = Westwood Shared Internet Components
"WT076586" = Build-a-lot 4 - Power Source

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SOE-Magic The Gathering Tactics" = Magic The Gathering Tactics
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/26/2011 3:24:45 PM | Computer Name = Windsors-PC | Source = Perflib | ID = 1008
Description =

Error - 6/26/2011 3:24:45 PM | Computer Name = Windsors-PC | Source = Perflib | ID = 1023
Description =

Error - 6/27/2011 4:47:43 PM | Computer Name = Windsors-PC | Source = Perflib | ID = 1008
Description =

Error - 6/27/2011 4:47:43 PM | Computer Name = Windsors-PC | Source = Perflib | ID = 1023
Description =

Error - 6/27/2011 4:47:45 PM | Computer Name = Windsors-PC | Source = Perflib | ID = 1008
Description =

Error - 6/27/2011 4:47:45 PM | Computer Name = Windsors-PC | Source = Perflib | ID = 1023
Description =

Error - 6/28/2011 5:22:41 PM | Computer Name = Windsors-PC | Source = Perflib | ID = 1008
Description =

Error - 6/28/2011 5:22:41 PM | Computer Name = Windsors-PC | Source = Perflib | ID = 1023
Description =

Error - 6/28/2011 5:22:42 PM | Computer Name = Windsors-PC | Source = Perflib | ID = 1008
Description =

Error - 6/28/2011 5:22:42 PM | Computer Name = Windsors-PC | Source = Perflib | ID = 1023
Description =

[ OSession Events ]
Error - 11/29/2010 4:48:54 PM | Computer Name = Windsors-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2479
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 3/5/2011 12:32:31 AM | Computer Name = Windsors-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11328
seconds with 3480 seconds of active time. This session ended with a crash.

Error - 3/7/2011 4:34:20 PM | Computer Name = Windsors-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 73
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/4/2011 11:18:04 PM | Computer Name = Windsors-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/4/2011 11:18:04 PM | Computer Name = Windsors-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/4/2011 11:18:22 PM | Computer Name = Windsors-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 7/4/2011 11:22:39 PM | Computer Name = Windsors-PC | Source = HTTP | ID = 15016
Description =

Error - 7/4/2011 11:23:42 PM | Computer Name = Windsors-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 7/5/2011 7:36:34 AM | Computer Name = Windsors-PC | Source = HTTP | ID = 15016
Description =

Error - 7/5/2011 7:37:53 AM | Computer Name = Windsors-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 7/5/2011 7:42:02 AM | Computer Name = Windsors-PC | Source = DCOM | ID = 10005
Description =

Error - 7/5/2011 7:42:02 AM | Computer Name = Windsors-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/5/2011 7:42:02 AM | Computer Name = Windsors-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP