Processes taking up abnormal amount of RAM.



Zaokii
2010-10-18, 22:19
A long, long time ago, I got a pretty nasty virus. It opened up a fake antivirus software, prompting me to purchase it. Again, this was a long time ago. I don't remember what it was called, as I got rid of it almost immediately. My computer would run no .exe besides iexplorer.exe, so I ran it in safe mode and had to run several different antivirus softwares and go into the folder where it was hiding in order to remove it.
Problem is, since the incident, there have been.. an insane amount of svchost.exe processes, and also SearchIndexer.exe has been going nonstop as well. Normally, I would shrug it off - however, it's taking up a lot of RAM..
The first svchost.exe is taking up 1.5GB. The second one is taking up 1.2GB. Search Indexer is taking up only .5GB but I'd really like that .5 back, you know?

I'm also having a littttle bit of trouble with the DDS file. You see, it's been running for about ten minutes now and hasn't budged. The little progress dots are showing up at the bottom of it but it seems to be stuck. I have a HijackThis! file if that would be helpful but it's not looking good for the DDS log. I even restarted it, and am still running into the same problem.

All antivirus scanners I'm using (Spybot S&D, MBAM, and.. SuperAntiSpyware?) come up inconclusive, finding nothing.

Holy crap, it took about fifteen minutes but it finally finished.


DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Owner at 15:16:48.50 on Mon 10/18/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8183.6159 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Owner\Documents\lalala\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=58.138.142.145:80
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask .exe" -atboottime
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mExplorerRun: [jgyo0w] C:\Users\Owner\AppData\Local\Temp\19aqp.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://mail.jhsph.edu/owa/MWScripts/AttachView/1.5/DAX.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
TB-X64: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wojx14r6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:robots
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2010-2-28 227856]
R0 amdide64;amdide64;C:\Windows\System32\drivers\amdide64.sys [2009-4-2 10632]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/02 21:20:41];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-2-28 146928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-2-28 211968]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-1-16 1153368]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-7-6 173352]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2010-7-1 77352]
R3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;C:\Windows\System32\drivers\WMP54Gv41x64.sys [2009-8-12 362496]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-7-4 139880]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-3-1 27704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-8-31 35840]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-20 89920]

=============== Created Last 30 ================

2010-10-18 01:26:14 388096 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-18 01:26:13 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-10-15 15:38:52 -------- d-----w- C:\Program Files (x86)\MSECache
2010-10-14 23:13:16 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-10-14 23:13:16 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-10-14 23:13:11 408064 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-14 23:13:11 339968 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-10-14 23:13:11 1915904 ----a-w- C:\Windows\System32\ole32.dll
2010-10-14 23:13:11 1316864 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-10-14 23:13:10 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-14 23:13:10 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-14 23:13:09 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-14 23:13:09 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-14 23:13:08 316928 ----a-w- C:\Windows\System32\msshsq.dll
2010-10-14 23:13:08 231424 ----a-w- C:\Windows\SysWow64\msshsq.dll
2010-10-13 19:10:54 -------- d-----w- C:\Windows\SysWow64\RTCOM
2010-10-13 19:10:54 -------- d-----w- C:\Program Files\Realtek
2010-10-06 23:01:01 141612 ----a-w- C:\Windows\SysWow64\drivers\dump_wmimmc.sys
2010-10-06 22:44:02 -------- d-----w- C:\Ntreev USA
2010-10-03 21:15:08 -------- d-----w- C:\Users\Owner\AppData\Local\CrashRpt
2010-10-03 21:14:33 -------- d-----w- C:\Users\Owner\AppData\Local\Procaster
2010-10-03 21:14:33 -------- d-----w- C:\Program Files (x86)\Livestream Procaster
2010-09-30 23:09:28 -------- d-----w- C:\Program Files (x86)\Steam
2010-09-28 18:54:33 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-28 18:54:33 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-25 23:39:19 -------- d-----w- C:\Users\Owner\AppData\Roaming\IMVU
2010-09-25 23:39:07 -------- d-----w- C:\Users\Owner\AppData\Roaming\IMVUClient
2010-09-23 18:42:38 23512 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2010-09-23 18:42:38 138712 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2010-09-23 01:26:35 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6
2010-09-22 22:10:52 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-09-20 21:15:50 -------- d-----w- C:\PROGRA~3\WEBREG
2010-09-20 21:14:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\Printer Info Cache
2010-09-20 21:04:03 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2010-09-20 21:03:40 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2010-09-20 21:01:00 -------- d-----w- C:\Program Files (x86)\HP
2010-09-20 20:59:49 861184 ----a-w- C:\Windows\System32\SET65B6.tmp
2010-09-20 20:59:49 730624 ----a-w- C:\Windows\System32\hpotscl1.dll
2010-09-20 20:59:49 498176 ----a-w- C:\Windows\System32\hpovst01.dll
2010-09-20 20:59:49 338432 ----a-w- C:\Windows\System32\hpzids40.dll
2010-09-19 00:02:16 -------- d-----w- C:\Users\Owner\AppData\Local\Google

==================== Find3M ====================

2010-10-13 19:09:53 525792 ----a-w- C:\Windows\DIFxAPI.dll
2010-10-06 00:00:24 2048104 ----a-w- C:\Windows\System32\RtPgEx64.dll
2010-10-06 00:00:24 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2010-10-06 00:00:14 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2010-10-06 00:00:14 2511464 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2010-10-06 00:00:02 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
2010-10-05 23:59:50 601704 ----a-w- C:\Windows\System32\RtkApi64.dll
2010-10-05 23:59:50 2625640 ----a-w- C:\Windows\System32\RtkAPO64.dll
2010-10-05 23:59:50 1215592 ----a-w- C:\Windows\System32\RTCOM64.dll
2010-10-05 23:59:40 79976 ----a-w- C:\Windows\System32\RCoInst64.dll
2010-10-05 23:59:40 477800 ----a-w- C:\Windows\System32\RCoRes64.dat
2010-09-29 17:11:02 1251944 ----a-w- C:\Windows\RtlExUpd.dll
2010-09-27 13:34:30 318808 ----a-w- C:\Windows\System32\MaxxAudioAPO20.dll
2010-09-16 23:35:08 474336 ----a-w- C:\Windows\System32\DTSVoiceClarityDLL64.dll
2010-09-16 23:35:06 489696 ----a-w- C:\Windows\System32\DTSSymmetryDLL64.dll
2010-09-16 23:35:02 1325792 ----a-w- C:\Windows\System32\DTSS2SpeakerDLL64.dll
2010-09-16 23:34:58 1178336 ----a-w- C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2010-09-16 23:34:56 315616 ----a-w- C:\Windows\System32\DTSNeoPCDLL64.dll
2010-09-16 23:34:52 268512 ----a-w- C:\Windows\System32\DTSLimiterDLL64.dll
2010-09-16 23:34:48 124640 ----a-w- C:\Windows\System32\DTSLFXAPO64.dll
2010-09-16 23:34:46 123616 ----a-w- C:\Windows\System32\DTSGFXAPONS64.dll
2010-09-16 23:34:42 124128 ----a-w- C:\Windows\System32\DTSGFXAPO64.dll
2010-09-16 23:34:38 265440 ----a-w- C:\Windows\System32\DTSGainCompensatorDLL64.dll
2010-09-16 23:34:36 1110240 ----a-w- C:\Windows\System32\DTSBoostDLL64.dll
2010-09-16 23:34:32 503520 ----a-w- C:\Windows\System32\DTSBassEnhancementDLL64.dll
2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-12 21:35:13 47616 ---ha-w- C:\Windows\SysWow64\charkeng.dll
2010-09-08 19:23:12 1032192 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 18:00:22 120208 ----a-w- C:\Windows\System32\SFSS_APO.dll
2010-09-08 17:50:13 485376 ----a-w- C:\Windows\System32\html.iec
2010-09-08 17:23:42 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
2010-09-08 17:07:35 834048 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 16:43:11 86528 ----a-w- C:\Windows\System32\ieencode.dll
2010-09-08 15:23:27 389632 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-06 18:28:38 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-09-06 18:28:38 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-09-06 18:27:03 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-09-06 16:20:29 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-09-06 16:19:06 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-09-06 15:34:14 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-09-06 15:33:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-09-06 15:33:49 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-09-03 11:47:54 338336 ----a-w- C:\Windows\System32\FMAPO64.dll
2010-08-31 14:57:39 2753024 ----a-w- C:\Windows\System32\win32k.sys
2010-08-20 16:57:50 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-20 16:05:07 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-17 14:54:20 273920 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-10 16:14:20 343040 ----a-w- C:\Windows\System32\schannel.dll
2010-08-10 15:53:15 274944 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-04 19:04:39 150 ----a-w- C:\Windows\SysWow64\133755.BAT
2010-07-22 20:48:58 220496 ----a-w- C:\Windows\System32\SFNHK64.dll
2010-07-22 20:48:50 78160 ----a-w- C:\Windows\System32\SFAPO64.dll
2010-07-22 20:48:44 81232 ----a-w- C:\Windows\System32\SFCOM64.dll
2010-07-22 20:48:26 74064 ----a-w- C:\Windows\SysWow64\SFCOM.dll
2010-07-22 20:37:14 200800 ----a-w- C:\Windows\System32\AERTAC64.dll

============= FINISH: 15:29:29.25 ===============

Blade81
2010-10-23, 19:11
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282) and then uninstall red listed program(s).

When done:

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy-paste the following contents into the custom scan area:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

Zaokii
2010-10-25, 01:12
OTL logfile created on: 10/24/2010 5:57:18 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Owner\Documents\lalala
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.32 Gb Total Space | 776.22 Gb Free Space | 83.35% Space Free | Partition Type: NTFS
Drive E: | 345.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: STOPREADINGTHIS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Documents\lalala\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Documents\lalala\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (npggsvc) -- C:\Windows\SysNative\GameMon.des File not found
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (usprserv) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_062a651.dll ()
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found
DRV:64bit: - (memchk) -- C:\Windows\SysNative\memchk.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (dump_wmimmc) -- C:\Windows\SysNative\drivers\dump_wmimmc.sys File not found
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV:64bit: - (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM) -- C:\Windows\SysNative\DRIVERS\vrtaucbl.sys (Eugene V. Muzychenko)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\DRIVERS\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (irda) -- C:\Windows\SysNative\DRIVERS\irda.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\DRIVERS\irsir.sys (Microsoft Corporation)
DRV:64bit: - (amdide64) -- C:\Windows\SysNative\DRIVERS\amdide64.sys (Advanced Micro Devices)
DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\DRIVERS\WMP54Gv41x64.sys (Ralink Technology Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (dump_wmimmc) -- C:\Windows\SysWOW64\drivers\dump_wmimmc.sys ()
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZJfox000&ptb=ijV2nZNNH8oUq4CRNEj5KQ
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=58.138.142.145:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "IMVU Inc Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:robots"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.5
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.5
FF - prefs.js..extensions.enabledItems: {989e9382-d540-4189-88d1-fc54a949a387}:0.8.7
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100924
FF - prefs.js..extensions.enabledItems: navertheme@nhncorp.jp:0.3.0
FF - prefs.js..extensions.enabledItems: NG_Classic@snakehole.net:2.31
FF - prefs.js..extensions.enabledItems: {d650973c-0444-4ac7-9d00-19e3613c83b9}:3.6.7
FF - prefs.js..extensions.enabledItems: {9998A493-980E-4716-81BC-F0C77001E9B7}:3.13
FF - prefs.js..extensions.enabledItems: {251297d0-6e53-11de-8a39-0800200c9a66}:3.6.15.02.10
FF - prefs.js..extensions.enabledItems: {1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}:3.6
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/24 15:29:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/07 14:39:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/24 15:29:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/07 14:39:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/24 15:29:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/07 14:39:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/24 15:29:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/07 14:39:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\components [2010/09/22 21:26:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\plugins

[2009/11/23 17:27:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2009/11/23 17:27:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/10/21 21:02:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions
[2010/09/04 23:52:50 | 000,000,000 | ---D | M] (Aeon Colors) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}
[2010/06/26 12:12:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/04 23:51:45 | 000,000,000 | ---D | M] (Extero 2) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{251297d0-6e53-11de-8a39-0800200c9a66}
[2009/11/26 12:29:34 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010/09/28 14:53:04 | 000,000,000 | ---D | M] (IMVU Inc Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2010/06/26 12:12:02 | 000,000,000 | ---D | M] (Charamel) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2010/06/26 12:12:02 | 000,000,000 | ---D | M] (FennecFox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
[2010/09/04 23:51:00 | 000,000,000 | ---D | M] (Utopia White) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{9998A493-980E-4716-81BC-F0C77001E9B7}
[2010/09/26 21:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/09/04 23:50:20 | 000,000,000 | ---D | M] (Whitehart) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}
[2010/06/26 12:12:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\firebug@software.joehewitt.com
[2010/09/28 14:52:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\nasanightlaunch@example.com
[2010/06/26 12:12:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\navertheme@nhncorp.jp
[2010/06/26 12:12:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\NG_Classic@snakehole.net
[2010/06/26 12:12:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\silvermelxt@pardal.de
[2010/06/26 12:12:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\youtube2mp3@mondayx.de
[2010/06/26 12:12:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\navertheme@nhncorp.jp\chrome\mozapps\extensions
[2010/06/26 12:12:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\NG_Classic@snakehole.net\chrome\mozapps\extensions
[2010/10/21 21:02:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/20 15:14:17 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/07/27 07:21:10 | 000,002,076 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/08/06 10:52:47 | 000,000,002 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: jgyo0w = C:\Users\Owner\AppData\Local\Temp\19aqp.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} https://mail.jhsph.edu/owa/MWScripts/AttachView/1.5/DAX.cab (DAX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\Wallpapers\rainbowwall1.bmp
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\Wallpapers\rainbowwall1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/17 22:13:08 | 000,000,041 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4a7465b9-1fde-11de-8d35-001fe25cd157}\Shell - "" = AutoRun
O33 - MountPoints2\{4a7465b9-1fde-11de-8d35-001fe25cd157}\Shell\AutoRun\command - "" = D:\Launch.exe -- File not found
O33 - MountPoints2\{69a2bb74-762f-11df-bc36-001fe25cd157}\Shell - "" = AutoRun
O33 - MountPoints2\{69a2bb74-762f-11df-bc36-001fe25cd157}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008/02/17 22:08:23 | 000,356,352 | R--- | M] (BestGameEver )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: coloheme - (C:\Windows\system32\charkeng.dll) - C:\Windows\SysWOW64\charkeng.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/22 16:38:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Opera
[2010/10/22 16:38:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Opera
[2010/10/22 16:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010/10/18 15:08:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/18 15:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/10/17 21:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/10/15 11:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/10/15 11:38:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2010/10/14 19:13:16 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 19:13:16 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 19:13:11 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 19:13:10 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 19:13:10 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 19:13:09 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 19:13:08 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/10/14 19:13:08 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/10/14 19:12:48 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 19:12:47 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 19:12:44 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 19:12:44 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 19:12:36 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 19:12:35 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 19:12:34 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 19:12:34 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 19:12:33 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 19:12:33 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/10/14 19:12:33 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 19:12:33 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/10/14 19:12:33 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 19:12:33 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 19:12:33 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2010/10/14 19:12:33 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/10/14 19:12:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/14 19:12:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/10/14 19:12:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/10/14 19:12:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/14 19:12:22 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 19:12:22 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/13 15:10:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/10/13 15:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/10/13 15:09:52 | 000,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/10/13 15:09:51 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010/10/13 15:09:51 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/10/13 15:09:51 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/10/13 15:09:51 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/10/13 15:09:51 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/10/13 15:09:51 | 000,120,208 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2010/10/13 15:09:50 | 002,625,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010/10/13 15:09:50 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010/10/13 15:09:50 | 002,048,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010/10/13 15:09:50 | 001,756,160 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2010/10/13 15:09:50 | 001,215,592 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010/10/13 15:09:50 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010/10/13 15:09:50 | 000,601,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010/10/13 15:09:50 | 000,477,800 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2010/10/13 15:09:50 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/10/13 15:09:50 | 000,334,848 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2010/10/13 15:09:50 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2010/10/13 15:09:50 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010/10/13 15:09:50 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/10/13 15:09:50 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/10/13 15:09:50 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/10/13 15:09:50 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2010/10/13 15:09:50 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/10/13 15:09:50 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010/10/13 15:09:50 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/10/13 15:09:50 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2010/10/13 15:09:50 | 000,079,976 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010/10/13 15:09:50 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2010/10/13 15:09:50 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/10/13 15:09:50 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2010/10/13 15:09:49 | 001,325,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2010/10/13 15:09:49 | 001,178,336 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2010/10/13 15:09:49 | 001,110,240 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2010/10/13 15:09:49 | 000,503,520 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2010/10/13 15:09:49 | 000,489,696 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2010/10/13 15:09:49 | 000,474,336 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2010/10/13 15:09:49 | 000,338,336 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/10/13 15:09:49 | 000,315,616 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2010/10/13 15:09:49 | 000,268,512 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2010/10/13 15:09:49 | 000,265,440 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2010/10/13 15:09:49 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2010/10/13 15:09:49 | 000,124,640 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2010/10/13 15:09:49 | 000,124,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2010/10/13 15:09:49 | 000,123,616 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2010/10/13 15:09:49 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2010/10/13 15:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/10/13 15:09:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/10/13 15:09:47 | 001,251,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/10/06 18:44:02 | 000,000,000 | ---D | C] -- C:\Ntreev USA
[2010/10/06 17:39:25 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\aqua2_7
[2010/10/06 17:24:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\New Folder
[2010/10/03 17:15:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashRpt
[2010/10/03 17:14:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Procaster
[2010/10/03 17:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Livestream Procaster
[2010/09/30 19:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/09/26 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Amnesia
[2010/09/25 19:39:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\IMVU
[2010/09/25 19:39:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\IMVUClient
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/24 17:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/10/24 17:56:55 | 000,709,582 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/24 17:56:55 | 000,608,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/24 17:56:55 | 000,105,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/24 17:51:28 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/24 17:51:27 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/24 17:51:27 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/10/24 17:51:24 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/10/24 17:51:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/24 13:45:21 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3600338531-1240811616-913890960-1000UA.job
[2010/10/24 13:45:10 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3600338531-1240811616-913890960-1000Core.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/10/24 13:45:10 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/10/22 16:38:00 | 000,000,768 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/22 16:38:00 | 000,000,744 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/10/21 20:54:01 | 000,002,087 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2010/10/21 20:54:01 | 000,002,049 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/19 17:07:17 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/10/18 15:32:05 | 000,002,893 | ---- | M] () -- C:\Users\Owner\Desktop\Attach.rar
[2010/10/18 15:08:28 | 000,000,943 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/18 15:08:25 | 000,000,744 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/10/17 21:26:13 | 000,001,960 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2010/10/17 21:11:13 | 000,007,692 | ---- | M] () -- C:\Users\Owner\.recently-used.xbel
[2010/10/15 11:32:38 | 003,076,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/14 22:44:01 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2010/10/13 22:08:33 | 000,000,728 | ---- | M] () -- C:\Users\Owner\Documents\swedish.rtf
[2010/10/13 15:09:53 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/10/12 19:11:57 | 000,006,976 | ---- | M] () -- C:\Users\Owner\Documents\what.rtf
[2010/10/09 19:27:01 | 000,003,371 | ---- | M] () -- C:\Users\Owner\Documents\code.rtf
[2010/10/07 14:39:19 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 19:01:01 | 000,141,612 | ---- | M] () -- C:\Windows\SysWow64\drivers\dump_wmimmc.sys
[2010/10/05 20:00:24 | 002,048,104 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010/10/05 20:00:24 | 001,146,984 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010/10/05 20:00:14 | 000,332,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010/10/05 20:00:02 | 000,149,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010/10/05 19:59:50 | 002,625,640 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010/10/05 19:59:50 | 001,215,592 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010/10/05 19:59:50 | 000,601,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010/10/05 19:59:40 | 000,477,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2010/10/05 19:59:40 | 000,079,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010/10/03 17:14:34 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2010/09/30 19:58:25 | 000,000,219 | ---- | M] () -- C:\Users\Owner\Desktop\Counter-Strike Source.url
[2010/09/30 19:11:43 | 000,000,219 | ---- | M] () -- C:\Users\Owner\Desktop\Counter-Strike Source Beta.url
[2010/09/30 19:10:40 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/09/29 13:11:02 | 001,251,944 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/09/27 09:34:30 | 000,318,808 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/09/25 19:39:12 | 000,001,828 | ---- | M] () -- C:\Users\Owner\Desktop\IMVU.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/22 16:38:00 | 000,000,768 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/22 16:38:00 | 000,000,744 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/10/18 15:32:05 | 000,002,893 | ---- | C] () -- C:\Users\Owner\Desktop\Attach.rar
[2010/10/18 15:08:28 | 000,000,943 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/18 15:08:25 | 000,000,744 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/10/17 21:26:13 | 000,001,960 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2010/10/17 21:11:13 | 000,007,692 | ---- | C] () -- C:\Users\Owner\.recently-used.xbel
[2010/10/14 19:01:31 | 184,094,302 | ---- | C] () -- C:\Users\Owner\Desktop\20101014_3.MOV
[2010/10/14 19:01:31 | 108,310,858 | ---- | C] () -- C:\Users\Owner\Desktop\20101014_1.MOV
[2010/10/13 22:08:33 | 000,000,728 | ---- | C] () -- C:\Users\Owner\Documents\swedish.rtf
[2010/10/12 19:11:56 | 000,006,976 | ---- | C] () -- C:\Users\Owner\Documents\what.rtf
[2010/10/09 19:27:01 | 000,003,371 | ---- | C] () -- C:\Users\Owner\Documents\code.rtf
[2010/10/07 14:39:19 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 19:01:01 | 000,141,612 | ---- | C] () -- C:\Windows\SysWow64\drivers\dump_wmimmc.sys
[2010/10/03 17:14:34 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2010/09/30 19:58:25 | 000,000,219 | ---- | C] () -- C:\Users\Owner\Desktop\Counter-Strike Source.url
[2010/09/30 19:11:43 | 000,000,219 | ---- | C] () -- C:\Users\Owner\Desktop\Counter-Strike Source Beta.url
[2010/09/30 19:09:28 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/09/25 19:51:06 | 000,258,048 | ---- | C] () -- C:\Users\Owner\Documents\SDL.dll
[2010/09/25 19:49:20 | 000,017,408 | ---- | C] () -- C:\Users\Owner\Documents\hallusinaattori.exe
[2010/09/25 19:49:20 | 000,006,028 | ---- | C] () -- C:\Users\Owner\Documents\hallusinaattori.c
[2010/09/25 19:39:12 | 000,001,828 | ---- | C] () -- C:\Users\Owner\Desktop\IMVU.lnk
[2010/09/22 21:57:41 | 000,364,286 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI4E67.txt
[2010/09/22 21:57:40 | 000,011,206 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI4E67.txt
[2010/09/20 17:00:02 | 000,006,456 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/09/12 17:35:13 | 000,047,616 | -H-- | C] () -- C:\Windows\SysWow64\charkeng.dll
[2010/09/12 17:35:12 | 000,000,028 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\apiqfw.dat
[2010/09/09 20:51:16 | 000,368,076 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI23DB.txt
[2010/09/09 20:51:16 | 000,011,142 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI23DB.txt
[2010/08/25 17:11:13 | 000,363,504 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI6771.txt
[2010/08/25 17:11:13 | 000,011,174 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI6771.txt
[2010/08/12 14:47:20 | 000,010,240 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/22 16:32:40 | 000,002,204 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/04/19 22:37:57 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/03/04 21:25:22 | 000,011,320 | -HS- | C] () -- C:\Users\Owner\AppData\Local\B7jiOM
[2010/02/28 23:55:19 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/12/02 22:49:03 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/10/20 15:25:06 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/20 15:24:21 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/04 14:02:04 | 000,000,049 | ---- | C] () -- C:\Windows\SW_Win2146X32.DLL
[2009/10/04 14:02:01 | 001,720,320 | ---- | C] () -- C:\Windows\SysWow64\beconvlib.dll
[2009/10/04 14:02:01 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\bprgcomm.dll
[2009/10/04 14:02:01 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\CSVSpecialProcessing.dll
[2009/10/04 14:02:00 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\SII_PDF.dll
[2009/10/04 14:02:00 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\SARzilla.dll
[2009/10/04 14:02:00 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\DVM.dll
[2009/10/04 14:02:00 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx15_ic.ini
[2009/08/14 17:47:34 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/01/20 22:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/06/12 11:25:54 | 000,000,920 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2006/11/02 05:46:03 | 000,000,009 | ---- | C] () -- C:\Windows\SysWow64\comsats.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/07/22 04:35:46 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/05/15 14:03:10 | 000,000,363 | -H-- | M] () -- C:\IPH.PH
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/10/24 17:51:16 | 305,127,422 | -HS- | M] () -- C:\pagefile.sys
[2010/06/15 20:23:54 | 002,487,294 | ---- | M] () -- C:\Track1.mp3
[2010/03/04 22:29:56 | 000,000,135 | ---- | M] () -- C:\VundoFix.txt
[2010/08/04 13:12:47 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2010/05/23 21:41:13 | 000,000,000 | ---D | M](C:\Users\Owner\Documents\??) -- C:\Users\Owner\Documents\くそ
[2010/04/20 16:20:37 | 000,000,000 | ---D | C](C:\Users\Owner\Documents\??) -- C:\Users\Owner\Documents\くそ
[2010/01/02 04:29:53 | 000,041,656 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_28_15.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_28_15.wav
[2010/01/02 04:29:52 | 000,041,656 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_28_15.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_28_15.wav
[2010/01/02 04:27:09 | 000,016,056 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_27_01.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_27_01.wav
[2010/01/02 04:27:09 | 000,016,056 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_27_01.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_27_01.wav
[2010/01/02 04:23:36 | 000,076,856 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_22_15.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_22_15.wav
[2010/01/02 04:23:36 | 000,076,856 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_22_15.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_22_15.wav
[2010/01/02 04:23:30 | 000,028,856 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_22_05.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_22_05.wav
[2010/01/02 04:23:30 | 000,028,856 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_22_05.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_22_05.wav
[2010/01/02 04:20:26 | 000,038,456 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_20_19.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_20_19.wav
[2010/01/02 04:20:26 | 000,038,456 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_20_19.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_20_19.wav
[2010/01/02 04:18:59 | 000,038,456 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_18_53.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_18_53.wav
[2010/01/02 04:18:59 | 000,038,456 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_18_53.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_18_53.wav
[2010/01/02 04:16:40 | 000,124,856 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_16_31.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_16_31.wav
[2010/01/02 04:16:40 | 000,124,856 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_16_31.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_16_31.wav
[2010/01/02 04:16:00 | 000,041,656 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_15_48.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_15_48.wav
[2010/01/02 04:16:00 | 000,041,656 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_15_48.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_15_48.wav
[2010/01/02 04:13:58 | 000,019,256 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_13_46.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_13_46.wav
[2010/01/02 04:13:58 | 000,019,256 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_13_46.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_13_46.wav

< End of report >

Zaokii
2010-10-25, 01:13
OTL Extras logfile created on: 10/24/2010 5:57:18 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Owner\Documents\lalala
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.32 Gb Total Space | 776.22 Gb Free Space | 83.35% Space Free | Partition Type: NTFS
Drive E: | 345.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: STOPREADINGTHIS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 1A 37 3E 11 0B A1 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3600338531-1240811616-913890960-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{079D2A95-1D02-4F55-B0EE-838F3AE1E62E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0E788477-03A3-4526-B17D-FAF8B7C04906}" = lport=49170 | protocol=6 | dir=in | name=akamai netsession interface |
"{1E2C73EC-844D-4ADA-95CF-289798BCC9FA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{2469E7E8-0C85-47D5-9B93-BEF8A8DF63EC}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{3DAD4E10-082E-47BC-87B0-B4EDEC5300F4}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface |
"{48E8E363-0A92-4AEC-9FA5-F80D9AEDED77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5DA59183-8D7E-4367-80CF-0CCEBB956EDF}" = rport=138 | protocol=17 | dir=out | app=system |
"{86B33482-46EF-4EC6-BFC6-EDD7A420330C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8B48B9B0-D6D2-476D-AEAF-3B5F75A41651}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AE0DF370-95DF-401B-ABDD-056AB4AB9ED6}" = rport=139 | protocol=6 | dir=out | app=system |
"{C7E82D2A-9DBD-46DA-902E-42E9AEE48B38}" = rport=137 | protocol=17 | dir=out | app=system |
"{D3214B26-DB98-44BE-BFD2-F78CED9F7C4F}" = lport=139 | protocol=6 | dir=in | app=system |
"{DDA6008D-61AA-4BD2-BF31-9D83DBF8A77E}" = lport=445 | protocol=6 | dir=in | app=system |
"{E68C7783-DB86-4490-BBFE-DAC247E52791}" = lport=138 | protocol=17 | dir=in | app=system |
"{EAA5EBBB-30D2-4E7C-89BD-16465E4BF6E6}" = rport=445 | protocol=6 | dir=out | app=system |
"{F999FD0C-5760-436B-A658-92329B5CBB77}" = lport=137 | protocol=17 | dir=in | app=system |
"{FFA6D218-9756-4D7D-9835-2B290C82B60A}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0276B567-3A2C-4C11-A5E3-C69631173FC5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{04D099E9-B092-41DA-A51D-2C37175A6C26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spacewar\steamworksexample.exe |
"{0780D93F-EEA4-4F20-AD08-C6D6F37628DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0D4F7F9A-BD18-4C1D-A281-84D71F6F9062}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\zaokii\counter-strike source\hl2.exe |
"{12466222-EE7F-423C-98D9-AC11827DC25B}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{20F8BF8E-3D0B-4D09-8FA2-0A962FA8814D}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{241944DE-3C42-4540-A287-4BCE55A6FA28}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{24ACA8AC-B370-4161-A121-DC1CC6651159}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{24B118E0-F35A-4F5E-A2E3-C63317C4C9F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2AB06435-15EC-4031-986F-FF3EE08C1CFD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2AB065D4-BCF8-416F-9D98-E65361A599F3}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{31BCF21D-9784-4561-9564-B1E1909EBF52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\zaokii\counterstrike source beta\hl2.exe |
"{35DC3BCF-8B1E-4463-A917-36220D49C5AB}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{3923E1F7-19DA-4AA9-A9BA-2BFC15E68E3A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3B206436-9EC9-477D-BF80-7589FC42DE0C}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{3C09B861-3D9F-483A-942B-423EAE099E18}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\zaokii\counter-strike source\hl2.exe |
"{4027C6EF-78D9-48CF-B281-96ACBC68AE9D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{483A55D9-F4F5-43A8-B045-A38CB4945C95}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4A0C0076-1135-47E2-BFAA-347870328F5A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{536292E8-F905-4E14-9D3F-1AD27298A8F4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5478A6C3-C867-4E14-99ED-540A33FAAE62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\zaokii\counterstrike source beta\hl2.exe |
"{5C18D998-B135-43A6-A7A3-29FD24A50261}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5C6D25F9-DE29-417C-8F22-776676EE9CD8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent demo\launcher.exe |
"{602DE576-D2B9-4199-87AA-4DDE55200600}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{64AC1E22-4983-4A45-92CB-74187CD6BE53}" = protocol=17 | dir=in | app=c:\program files (x86)\opinionsquare\opnsqr.exe |
"{64F8643C-1E15-4A3D-BB89-FE0628AA44D4}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{672AD1B0-BA63-4535-BC1E-66717FB16DCA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2 demo\docs\ea help\electronic_arts_technical_support.htm |
"{68C8CBBD-3C35-4106-8683-ADB8A7C0BACF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2 demo\masseffect2launcher.exe |
"{6A7AE674-187B-4912-B8A9-7079F14D538A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{6B047510-99B6-46C0-9010-09D4D59B10DE}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{6BDA5C1D-E169-47D1-9495-0A182DAB0ABD}" = protocol=6 | dir=in | app=c:\program files (x86)\opinionsquare\opnsqr.exe |
"{6D20819D-2A5A-4BED-923D-81CB99113A66}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{76F24C26-826D-43C3-B18A-E0C170072E04}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\alg.exe |
"{825F883B-6E9D-44CD-8F4C-E0D1D1BDE485}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent demo\launcher.exe |
"{83A987C4-06DD-43CD-8131-A254024CF1E5}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\alg.exe |
"{8CA663F5-A5F4-4E70-8EC9-33620A345319}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{8CBC645A-0EC5-4705-A314-623CB3BDE888}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8D917115-9699-4855-A952-23720FAD8F4C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8E3393CC-6755-4F8F-BDC4-A3D4283A7682}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8E9F7D16-CC0E-4A3A-9491-58B8C29AB722}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\alg.exe |
"{9480B57D-78B1-419E-83D0-E16FA022C8DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{96CBE591-D0F5-449A-B97E-915B1C2E70E8}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{985FEB83-6036-4B55-AA2F-BC39536ACDF5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{9F39D2EF-F1CC-463D-B509-B26E670BC2D3}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9FFDB2D5-3369-4AD4-BD91-212CD4CFC315}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A183A9DD-7AF3-49CF-B379-32EA42F54857}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A30E8F69-AA25-4C76-ABF0-B0CA9A936068}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A540C00C-379A-49BD-B608-61BB282201FD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{A796912B-DFA0-4986-8126-E53A1734817E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2 demo\docs\ea help\electronic_arts_technical_support.htm |
"{AB35E415-AABE-43BB-82AE-4E1E13F7EDC9}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{B369708C-8E7D-4107-A4DD-0F56BB0F1875}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BC460ADB-FB37-40FD-A5CB-C7D9CA476DF0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BD464CAF-128D-4F0A-99BA-E5CC0DC70531}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C0E06E39-CAE4-41E0-B5A0-3B9DD5FBD2B3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{C6577BA6-1ABA-4F50-BF70-F3C4CD73B2B3}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\alg.exe |
"{C902AF4C-2C42-45BB-A5FD-4E74E645D684}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CB198022-CD11-47EB-8F43-7E996960590C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CCFAEFE6-CDED-4E39-91BD-61725CBF63A9}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{CE66E5D2-2FC6-4EE2-ABDE-1BD85D1D7C9E}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{D0D325C8-0FEE-443F-86DB-320F85FB30DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle extreme\peggleextreme.exe |
"{D908616F-E7C9-4559-BA05-4E4EF0503B70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle extreme\peggleextreme.exe |
"{D9145042-47CC-4A3D-A679-9B1FB30D19EB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DFFCEB9F-DEC8-4B28-AEB5-DD4EFE5A086C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E30D32F0-0C76-4CA5-AE0E-BC8BC227FBF1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E51E4758-B99F-49DA-9E44-9141148E6670}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E5AFDBF5-0A0B-4E35-9B72-4F5499AE97E1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EA419EEC-E719-41DF-B5E7-D461E08662A8}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{EC6DD02A-1F06-4D35-B8FC-8E5BCA40B244}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F1C04ABD-BEDC-4E3D-924A-6D82EC0AF65F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{F225B696-B5AF-4D01-BA44-18D29E7DDF48}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{F4FF6EBF-3BDE-4E27-B5DB-DE9C7975EB9B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spacewar\steamworksexample.exe |
"{F63B6038-38C3-40B5-BFBF-F97D43FE283D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2 demo\masseffect2launcher.exe |
"TCP Query User{1E7FF352-DD0F-4B81-9259-57804F7BBEF9}C:\users\owner\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\imvuclient\1vivoxvoice.exe |
"TCP Query User{54BEC580-052E-4462-A9F7-7DD952D383C0}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{572C0D79-8065-4984-8B19-F8C0B8CD807F}C:\users\owner\appdata\roaming\vapafi\luuf.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\vapafi\luuf.exe |
"TCP Query User{72821221-1225-41ED-8B20-5DF35225FF08}C:\program files (x86)\gpotato\talesrunner\trgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gpotato\talesrunner\trgame.exe |
"TCP Query User{956D8BA1-F44B-485A-809C-01FBB866468B}C:\users\owner\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\imvuclient\1vivoxvoice.exe |
"TCP Query User{96840A6B-A59B-45B9-935B-6253BBF2E9BC}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{9EE75A21-0095-4DB1-92E8-CAC7EAF37ACD}C:\users\owner\appdata\local\temp\bsqm.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\bsqm.exe |
"TCP Query User{E0829214-FA49-423F-BB8D-58467F1AA980}C:\program files (x86)\windows live\messenger\msnmsgr .exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr .exe |
"UDP Query User{212D4E93-B1E5-4B08-80E5-4713C3C964CF}C:\users\owner\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{26EE986C-9C7F-41E0-9655-0BA6BA093C43}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{ADA28357-4669-46F7-9379-023370D43BF9}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{B16848A7-ACD6-4DD4-95B5-1DF13C18531C}C:\users\owner\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{CAAB6450-DD40-4EE4-89EA-B70F5B2D9BCD}C:\program files (x86)\windows live\messenger\msnmsgr .exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr .exe |
"UDP Query User{ECF0328B-33F2-42B9-A2EC-361CEF615074}C:\users\owner\appdata\roaming\vapafi\luuf.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\vapafi\luuf.exe |
"UDP Query User{F9F5A94D-C48B-4F0A-B242-6B905A4C59B6}C:\program files (x86)\gpotato\talesrunner\trgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gpotato\talesrunner\trgame.exe |
"UDP Query User{FE9990BC-0041-4C88-86C0-4B087236F4D0}C:\users\owner\appdata\local\temp\bsqm.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\bsqm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{5759E649-E281-46C2-BB4B-50413623DCDF}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99CC16CD-557E-1643-8752-0EA37F84614A}" = ccc-utility64
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{D41EE423-B5F9-AC18-F6C5-FEFB7B039AE6}" = ATI Catalyst Install Manager
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Sandboxie" = Sandboxie 3.46 (64-bit)
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310
"{0A5CCA22-AD15-9392-217F-15724AE65B8C}" = ccc-core-static
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 1.1.0 (DX11)
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E2E7BE1-9438-C202-9884-2E474E49064F}" = CCC Help Swedish
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13A63CE1-102E-0F29-1461-BD793DCB0766}" = HydraVision
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{166007C3-CD4C-EF66-69FB-6FF1A84274A6}" = Catalyst Control Center Core Implementation
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6
"{1AA38BFE-55CF-8998-9CD1-4454960020C2}" = CCC Help English
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21F2D605-498D-34B4-BEA3-9BD496458F32}" = CCC Help Czech
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{256FA7E0-D9C2-44FE-AA9E-42AE2CCC2D50}_is1" = Hello Kitty Online Open Beta
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{27552DB2-70E1-0210-A2CA-BF16708B2185}" = Skins
"{292E65F1-E9F8-4416-90A6-5916A8C95672}_is1" = Hello Kitty Online Download Manager
"{2B1DB2FA-9E05-3494-B7CE-16F3236CAE3F}" = Acrobat.com
"{2B74ECC6-AB27-F160-B615-A4A5F87584EA}" = CCC Help Chinese Standard
"{2E190C8E-682A-409D-9329-539E24C9D1C1}" = Opera 10.63
"{2EC3DE41-6F1A-A746-F20C-665F83DA178E}" = Catalyst Control Center Graphics Full New
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C6EDB2B-572A-E314-926C-C3E140B4515C}" = CCC Help French
"{3D281B1C-BF39-4893-B32A-EAB3B84BDE34}" = Audition
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{435FB60B-EB33-A93B-0DF1-8FAD3C9E498D}" = Catalyst Control Center InstallProxy
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46AE39F0-317F-E0A1-42CD-D90C6520DBCC}" = Catalyst Control Center Graphics Previews Vista
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4D17715B-3E05-7BC5-8631-F7393F8BEAF2}" = CCC Help Norwegian
"{4D8915B1-A7B7-A1D9-82B2-5D97F91BEFE6}" = CCC Help Turkish
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter Driver - WMP54Gv4.1
"{51559762-4B4C-CD9B-BEAC-9AF683E8B7C8}" = CCC Help Korean
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6601BB9C-EEED-91C1-8BD2-91222EE080B5}" = CCC Help Russian
"{66333C41-085E-4DA1-8273-E2BCA382D766}" = NET Installation Assistance for VB6 App (Runtime Only)
"{66734F1B-6CA1-6147-0EC7-527FF549021A}" = CCC Help Thai
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D093B09-6268-D4E0-0AD4-5B23D5CC5142}" = CCC Help Portuguese
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help
"{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7675D815-302E-583E-7245-D19827451F0D}" = CCC Help Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93D57D0C-F31A-BF9B-771C-BDCDB999B045}" = CCC Help Italian
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A26C09B-4C05-985E-E0E1-7917A9A82758}" = Catalyst Control Center HydraVision Full
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}" = Nero 7 Essentials
"{9D98D699-7EBF-C399-7B07-B474CFA7F145}" = Catalyst Control Center Graphics Previews Common
"{9DB52C99-EC51-4173-93C5-298769170CB0}" = Audition
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AD95DF91-5125-4284-BB03-6A20F7C28186}" = musicshakeENG
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B769C5A9-9855-1DA8-A95A-3AE4B4AA1E02}" = CCC Help Hungarian
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD230C8F-071E-AF43-C905-97C4FF5EBF0B}" = Catalyst Control Center Graphics Full Existing
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CA796D95-C706-4BB9-BDDE-FF228D13D28A}" = Livestream Procaster
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF95B77-C221-80AA-DE34-A4607DE0C7A1}" = CCC Help Finnish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2712C65-8293-509C-9B43-889E6AE03DE0}" = Catalyst Control Center Localization All
"{D6B25C92-D22B-95D3-FA59-05947A11E19C}" = CCC Help Polish
"{D8E91CD3-4E96-6F3C-0C75-83741B2802CE}" = CCC Help German
"{D8EFF105-4763-4EB8-B9BD-902B939D2FD1}" = AuditionSEA
"{DCB51FBC-68AD-42FF-8426-199F1FE2C4F5}" = AMD USB Filter Driver
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2DBBCF5-0180-22EB-4B2E-E3C6C3834B8F}" = CCC Help Japanese
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA37A7CA-E3BB-2141-F3E8-849847FCE9BF}" = CCC Help Greek
"{EAA62915-133D-DA21-1E86-9417D8C1D0B2}" = CCC Help Danish
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{ED0261D8-5676-CD29-9C7B-22DD53CACF50}" = Catalyst Control Center Graphics Light
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAAE8A27-43EF-9BFF-B9AE-2649F860D4EF}" = CCC Help Spanish
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FECB9C55-E9F7-96D4-F1E5-7D998512DA40}" = CCC Help Dutch
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"7-Zip" = 7-Zip 4.65
"AC Tool" = AC Tool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Afterburner" = MSI Afterburner 1.6.1
"AIM_7" = AIM 7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"AVS Music Mix 3.8_is1" = AVS Music Mix version 3.8
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.166
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Belarc Advisor" = Belarc Advisor 8.1
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Arms" = Combat Arms
"Convert Doc_is1" = Convert Doc
"Debut" = Debut Video Capture Software
"Easy GIF Animator_is1" = Easy GIF Animator 4.9
"ERUNT_is1" = ERUNT 1.1j
"Fraps" = Fraps
"Game Booster_is1" = Game Booster
"Graboid Video" = Graboid Video 1.65
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"IrfanView" = IrfanView (remove only)
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LUNA_US_090414" = LUNA Online v1.0.0
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Firefox 4.0b6 (x86 en-US)" = Mozilla Firefox 4.0b6 (x86 en-US)
"MSI Kombustor(BETA)_is1" = MSI Kombustor(BETA) v0.7.0
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MWAREDATT" = Messageware AttachView Add-in for Saving Files x64
"Rainmeter" = Rainmeter (remove only)
"rayatitray" = Ray Adams ATI Tray Tools
"RocketDock_is1" = RocketDock 1.3.5
"RumbleFighter" = Rumble Fighter
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"TeamViewer 5" = TeamViewer 5
"Transcribe!_is1" = Transcribe! 7.51
"VLC media player" = VLC media player 1.0.1
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"WinAVI Video Capture_is1" = WinAVI Video Capture 2.0
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"IMVU Previewer" = IMVU Tools
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/17/2010 7:03:56 PM | Computer Name = STOPREADINGTHISAHH | Source = Application Error | ID = 1000
Description = Faulting application Audition.exe, version 0.2.0.60, time stamp 0x4c2bf2fd,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03824, exception
code 0xc0000005, fault offset 0x0001e562, process id 0x1510, application start time
0x01cb6e4f9101b0f0.

Error - 10/17/2010 7:15:13 PM | Computer Name = STOPREADINGTHISAHH | Source = Application Error | ID = 1000
Description = Faulting application Audition.exe, version 0.2.0.60, time stamp 0x4c2bf2fd,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03824, exception
code 0xc0000005, fault offset 0x0001e562, process id 0x1280, application start time
0x01cb6e512500d910.

Error - 10/17/2010 7:26:10 PM | Computer Name = STOPREADINGTHISAHH | Source = Application Error | ID = 1000
Description = Faulting application Audition.exe, version 0.2.0.60, time stamp 0x4c2bf2fd,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03824, exception
code 0xc0000005, fault offset 0x0001e562, process id 0x10f4, application start time
0x01cb6e52ac2aa280.

Error - 10/17/2010 9:48:54 PM | Computer Name = STOPREADINGTHISAHH | Source = Windows Search Service | ID = 3013
Description =

Error - 10/17/2010 9:49:27 PM | Computer Name = STOPREADINGTHISAHH | Source = Windows Search Service | ID = 3013
Description =

Error - 10/17/2010 9:49:27 PM | Computer Name = STOPREADINGTHISAHH | Source = Windows Search Service | ID = 3013
Description =

Error - 10/18/2010 12:13:17 PM | Computer Name = STOPREADINGTHISAHH | Source = WinMgmt | ID = 10
Description =

Error - 10/18/2010 2:41:03 PM | Computer Name = STOPREADINGTHISAHH | Source = WinMgmt | ID = 10
Description =

Error - 10/18/2010 9:09:55 PM | Computer Name = STOPREADINGTHISAHH | Source = Windows Search Service | ID = 3013
Description =

Error - 10/22/2010 7:00:34 PM | Computer Name = STOPREADINGTHISAHH | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3909, time stamp 0x4c8fdcc5,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03824, exception
code 0xc0000005, fault offset 0x0001e562, process id 0x1130, application start time
0x01cb7228d5b72900.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Blade81
2010-10-25, 08:14
Hi,

Are you familiar with this proxy setting 58.138.142.145:80 ?

Update MBAM, run a full scan and let it remove found items. Post back the report.

Zaokii
2010-10-26, 03:01
I may have used it in the past but I currently don't have any proxies enabled, checked all browser settings and the LAN option, found nothing on it.
Ah, if only I had thought to look for an "update" button sooner. I rebooted when it told me to and everything appears fine. There was one really high svchost when I first started back up but it went back down to a reasonable level after I let it sit for a few minutes. SearchIndexer is still running, though it's not taking up as much as it was before.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4946

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10/25/2010 7:46:03 PM
mbam-log-2010-10-25 (19-46-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 423497
Time elapsed: 1 hour(s), 38 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\charkeng.dll (Backdoor.Papras) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fe4c2c37-edc8-4c00-b864-3c38cf3ba834} (Adware.Adshot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BSK91O3T6D (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jgyo0w (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\settingsxx.exe (Spyware.SpyEyes) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\charkeng.dll (Backdoor.Papras) -> Delete on reboot.
C:\Users\Owner\AppData\Roaming\67AC0BDA0ADCF58ED6D1EC3A966727E1\newreleaseversion70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\charkeng.dll (Backdoor.Papras) -> Delete on reboot.
C:\settingsxx.exe\config.bin (Spyware.SpyEyes) -> Quarantined and deleted successfully.
C:\zrpt.xml (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\apiqfw.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\comsats.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Blade81
2010-10-26, 07:48
Good. Please re-run OTL and post back fresh OTL.txt report.

Zaokii
2010-10-26, 21:59
OTL logfile created on: 10/26/2010 2:53:19 PM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = c:\Users\Owner\Documents\lalala
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 71.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.32 Gb Total Space | 802.29 Gb Free Space | 86.15% Space Free | Partition Type: NTFS
Drive E: | 345.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: STOPREADINGTHIS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Users\Owner\Documents\lalala\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()


========== Modules (SafeList) ==========

MOD - c:\Users\Owner\Documents\lalala\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (npggsvc) -- C:\Windows\SysNative\GameMon.des File not found
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (usprserv) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_062a651.dll ()
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found
DRV:64bit: - (memchk) -- C:\Windows\SysNative\memchk.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (dump_wmimmc) -- C:\Windows\SysNative\drivers\dump_wmimmc.sys File not found
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV:64bit: - (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM) -- C:\Windows\SysNative\DRIVERS\vrtaucbl.sys (Eugene V. Muzychenko)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\DRIVERS\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (irda) -- C:\Windows\SysNative\DRIVERS\irda.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\DRIVERS\irsir.sys (Microsoft Corporation)
DRV:64bit: - (amdide64) -- C:\Windows\SysNative\DRIVERS\amdide64.sys (Advanced Micro Devices)
DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\DRIVERS\WMP54Gv41x64.sys (Ralink Technology Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (dump_wmimmc) -- C:\Windows\SysWOW64\drivers\dump_wmimmc.sys ()
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZJfox000&ptb=ijV2nZNNH8oUq4CRNEj5KQ
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=58.138.142.145:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "IMVU Inc Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:robots"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.5
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.5
FF - prefs.js..extensions.enabledItems: {989e9382-d540-4189-88d1-fc54a949a387}:0.8.7
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100924
FF - prefs.js..extensions.enabledItems: navertheme@nhncorp.jp:0.3.0
FF - prefs.js..extensions.enabledItems: NG_Classic@snakehole.net:2.31
FF - prefs.js..extensions.enabledItems: {d650973c-0444-4ac7-9d00-19e3613c83b9}:3.6.7
FF - prefs.js..extensions.enabledItems: {9998A493-980E-4716-81BC-F0C77001E9B7}:3.13
FF - prefs.js..extensions.enabledItems: {251297d0-6e53-11de-8a39-0800200c9a66}:3.6.15.02.10
FF - prefs.js..extensions.enabledItems: {1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}:3.6
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/24 22:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/24 22:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/24 22:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/24 22:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/24 22:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/24 22:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/24 22:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/24 22:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/24 22:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/24 22:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\components [2010/09/22 21:26:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\plugins

[2009/11/23 17:27:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2009/11/23 17:27:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/10/25 19:50:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions
[2010/09/04 23:52:50 | 000,000,000 | ---D | M] (Aeon Colors) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}
[2010/06/26 12:12:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/04 23:51:45 | 000,000,000 | ---D | M] (Extero 2) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{251297d0-6e53-11de-8a39-0800200c9a66}
[2009/11/26 12:29:34 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010/09/28 14:53:04 | 000,000,000 | ---D | M] (IMVU Inc Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2010/06/26 12:12:02 | 000,000,000 | ---D | M] (Charamel) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2010/06/26 12:12:02 | 000,000,000 | ---D | M] (FennecFox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
[2010/09/04 23:51:00 | 000,000,000 | ---D | M] (Utopia White) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{9998A493-980E-4716-81BC-F0C77001E9B7}
[2010/09/26 21:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/09/04 23:50:20 | 000,000,000 | ---D | M] (Whitehart) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}
[2010/06/26 12:12:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\firebug@software.joehewitt.com
[2010/09/28 14:52:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\nasanightlaunch@example.com
[2010/06/26 12:12:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\navertheme@nhncorp.jp
[2010/06/26 12:12:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\NG_Classic@snakehole.net
[2010/06/26 12:12:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\silvermelxt@pardal.de
[2010/06/26 12:12:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\youtube2mp3@mondayx.de
[2010/06/26 12:12:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\navertheme@nhncorp.jp\chrome\mozapps\extensions
[2010/06/26 12:12:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\NG_Classic@snakehole.net\chrome\mozapps\extensions
[2010/10/25 18:24:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/20 15:14:17 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/07/27 07:21:10 | 000,002,076 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/08/06 10:52:47 | 000,000,002 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\qttask .exe (Apple Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} https://mail.jhsph.edu/owa/MWScripts/AttachView/1.5/DAX.cab (DAX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\Wallpapers\rainbowwall1.bmp
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\Wallpapers\rainbowwall1.bmp
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/17 22:13:08 | 000,000,041 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4a7465b9-1fde-11de-8d35-001fe25cd157}\Shell - "" = AutoRun
O33 - MountPoints2\{4a7465b9-1fde-11de-8d35-001fe25cd157}\Shell\AutoRun\command - "" = D:\Launch.exe -- File not found
O33 - MountPoints2\{69a2bb74-762f-11df-bc36-001fe25cd157}\Shell - "" = AutoRun
O33 - MountPoints2\{69a2bb74-762f-11df-bc36-001fe25cd157}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008/02/17 22:08:23 | 000,356,352 | R--- | M] (BestGameEver )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: coloheme - (C:\Windows\system32\charkeng.dll) - C:\Windows\SysWow64\charkeng.dll File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/22 16:38:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Opera
[2010/10/22 16:38:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Opera
[2010/10/22 16:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010/10/18 15:08:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/18 15:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/10/17 21:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/10/15 11:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/10/15 11:38:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2010/10/14 19:13:16 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 19:13:16 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 19:13:11 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 19:13:10 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 19:13:10 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 19:13:09 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 19:13:08 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/10/14 19:13:08 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/10/14 19:12:48 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 19:12:47 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 19:12:44 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 19:12:44 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 19:12:36 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 19:12:35 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 19:12:34 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 19:12:34 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 19:12:33 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 19:12:33 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/10/14 19:12:33 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 19:12:33 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/10/14 19:12:33 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 19:12:33 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 19:12:33 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2010/10/14 19:12:33 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/10/14 19:12:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/14 19:12:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/10/14 19:12:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/10/14 19:12:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/14 19:12:22 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 19:12:22 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/13 15:10:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/10/13 15:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/10/13 15:09:52 | 000,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/10/13 15:09:51 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010/10/13 15:09:51 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/10/13 15:09:51 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/10/13 15:09:51 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/10/13 15:09:51 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/10/13 15:09:51 | 000,120,208 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2010/10/13 15:09:50 | 002,625,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010/10/13 15:09:50 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010/10/13 15:09:50 | 002,048,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010/10/13 15:09:50 | 001,756,160 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2010/10/13 15:09:50 | 001,215,592 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010/10/13 15:09:50 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010/10/13 15:09:50 | 000,601,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010/10/13 15:09:50 | 000,477,800 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2010/10/13 15:09:50 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/10/13 15:09:50 | 000,334,848 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2010/10/13 15:09:50 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2010/10/13 15:09:50 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010/10/13 15:09:50 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/10/13 15:09:50 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/10/13 15:09:50 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/10/13 15:09:50 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2010/10/13 15:09:50 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/10/13 15:09:50 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010/10/13 15:09:50 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/10/13 15:09:50 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2010/10/13 15:09:50 | 000,079,976 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010/10/13 15:09:50 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2010/10/13 15:09:50 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/10/13 15:09:50 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2010/10/13 15:09:49 | 001,325,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2010/10/13 15:09:49 | 001,178,336 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2010/10/13 15:09:49 | 001,110,240 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2010/10/13 15:09:49 | 000,503,520 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2010/10/13 15:09:49 | 000,489,696 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2010/10/13 15:09:49 | 000,474,336 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2010/10/13 15:09:49 | 000,338,336 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/10/13 15:09:49 | 000,315,616 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2010/10/13 15:09:49 | 000,268,512 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2010/10/13 15:09:49 | 000,265,440 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2010/10/13 15:09:49 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2010/10/13 15:09:49 | 000,124,640 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2010/10/13 15:09:49 | 000,124,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2010/10/13 15:09:49 | 000,123,616 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2010/10/13 15:09:49 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2010/10/13 15:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/10/13 15:09:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/10/13 15:09:47 | 001,251,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/10/06 18:44:02 | 000,000,000 | ---D | C] -- C:\Ntreev USA
[2010/10/06 17:39:25 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\aqua2_7
[2010/10/06 17:24:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\New Folder
[2010/10/03 17:15:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashRpt
[2010/10/03 17:14:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Procaster
[2010/10/03 17:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Livestream Procaster
[2010/09/30 19:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/09/26 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Amnesia
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/26 14:39:52 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3600338531-1240811616-913890960-1000UA.job
[2010/10/26 14:39:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/26 14:39:50 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/10/26 14:39:50 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/10/26 14:39:50 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/10/26 14:39:50 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/10/26 14:39:50 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/10/26 14:39:50 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/10/26 14:39:50 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/10/25 22:12:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3600338531-1240811616-913890960-1000Core.job
[2010/10/25 21:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/10/25 21:48:48 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/25 21:48:48 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/25 20:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/10/25 20:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/10/25 19:56:13 | 000,709,582 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/25 19:56:13 | 000,608,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/25 19:56:13 | 000,105,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/25 19:48:50 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/10/25 18:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/10/25 18:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/10/25 17:54:27 | 000,000,756 | ---- | M] () -- C:\Users\Owner\Desktop\Opera (3).lnk
[2010/10/25 17:54:21 | 000,000,756 | ---- | M] () -- C:\Users\Owner\Desktop\Opera (2).lnk
[2010/10/25 17:54:15 | 000,000,756 | ---- | M] () -- C:\Users\Owner\Desktop\Opera.lnk
[2010/10/25 16:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/10/25 15:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/10/25 14:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/10/22 16:38:00 | 000,000,768 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/22 16:38:00 | 000,000,744 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/10/21 20:54:01 | 000,002,087 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2010/10/21 20:54:01 | 000,002,049 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/19 17:07:17 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/10/18 15:32:05 | 000,002,893 | ---- | M] () -- C:\Users\Owner\Desktop\Attach.rar
[2010/10/18 15:08:28 | 000,000,943 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/18 15:08:25 | 000,000,744 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/10/17 21:26:13 | 000,001,960 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2010/10/17 21:11:13 | 000,007,692 | ---- | M] () -- C:\Users\Owner\.recently-used.xbel
[2010/10/15 11:32:38 | 003,076,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/14 22:44:01 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2010/10/13 22:08:33 | 000,000,728 | ---- | M] () -- C:\Users\Owner\Documents\swedish.rtf
[2010/10/13 15:09:53 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/10/12 19:11:57 | 000,006,976 | ---- | M] () -- C:\Users\Owner\Documents\what.rtf
[2010/10/09 19:27:01 | 000,003,371 | ---- | M] () -- C:\Users\Owner\Documents\code.rtf
[2010/10/07 14:39:19 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 19:01:01 | 000,141,612 | ---- | M] () -- C:\Windows\SysWow64\drivers\dump_wmimmc.sys
[2010/10/05 20:00:24 | 002,048,104 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010/10/05 20:00:24 | 001,146,984 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010/10/05 20:00:14 | 000,332,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010/10/05 20:00:02 | 000,149,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010/10/05 19:59:50 | 002,625,640 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010/10/05 19:59:50 | 001,215,592 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010/10/05 19:59:50 | 000,601,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010/10/05 19:59:40 | 000,477,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2010/10/05 19:59:40 | 000,079,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010/10/03 17:14:34 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2010/09/30 19:58:25 | 000,000,219 | ---- | M] () -- C:\Users\Owner\Desktop\Counter-Strike Source.url
[2010/09/30 19:11:43 | 000,000,219 | ---- | M] () -- C:\Users\Owner\Desktop\Counter-Strike Source Beta.url
[2010/09/30 19:10:40 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/09/29 13:11:02 | 001,251,944 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/09/27 09:34:30 | 000,318,808 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/25 17:54:27 | 000,000,756 | ---- | C] () -- C:\Users\Owner\Desktop\Opera (3).lnk
[2010/10/25 17:54:21 | 000,000,756 | ---- | C] () -- C:\Users\Owner\Desktop\Opera (2).lnk
[2010/10/25 17:54:15 | 000,000,756 | ---- | C] () -- C:\Users\Owner\Desktop\Opera.lnk
[2010/10/22 16:38:00 | 000,000,768 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/22 16:38:00 | 000,000,744 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/10/18 15:32:05 | 000,002,893 | ---- | C] () -- C:\Users\Owner\Desktop\Attach.rar
[2010/10/18 15:08:28 | 000,000,943 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/18 15:08:25 | 000,000,744 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/10/17 21:26:13 | 000,001,960 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2010/10/17 21:11:13 | 000,007,692 | ---- | C] () -- C:\Users\Owner\.recently-used.xbel
[2010/10/14 19:01:31 | 184,094,302 | ---- | C] () -- C:\Users\Owner\Desktop\20101014_3.MOV
[2010/10/14 19:01:31 | 108,310,858 | ---- | C] () -- C:\Users\Owner\Desktop\20101014_1.MOV
[2010/10/13 22:08:33 | 000,000,728 | ---- | C] () -- C:\Users\Owner\Documents\swedish.rtf
[2010/10/12 19:11:56 | 000,006,976 | ---- | C] () -- C:\Users\Owner\Documents\what.rtf
[2010/10/09 19:27:01 | 000,003,371 | ---- | C] () -- C:\Users\Owner\Documents\code.rtf
[2010/10/07 14:39:19 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 19:01:01 | 000,141,612 | ---- | C] () -- C:\Windows\SysWow64\drivers\dump_wmimmc.sys
[2010/10/03 17:14:34 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2010/09/30 19:58:25 | 000,000,219 | ---- | C] () -- C:\Users\Owner\Desktop\Counter-Strike Source.url
[2010/09/30 19:11:43 | 000,000,219 | ---- | C] () -- C:\Users\Owner\Desktop\Counter-Strike Source Beta.url
[2010/09/30 19:09:28 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/09/22 21:57:41 | 000,364,286 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI4E67.txt
[2010/09/22 21:57:40 | 000,011,206 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI4E67.txt
[2010/09/20 17:00:02 | 000,006,456 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/09/09 20:51:16 | 000,368,076 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI23DB.txt
[2010/09/09 20:51:16 | 000,011,142 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI23DB.txt
[2010/08/25 17:11:13 | 000,363,504 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI6771.txt
[2010/08/25 17:11:13 | 000,011,174 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI6771.txt
[2010/08/12 14:47:20 | 000,010,240 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/22 16:32:40 | 000,002,204 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/04/19 22:37:57 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/03/04 21:25:22 | 000,011,320 | -HS- | C] () -- C:\Users\Owner\AppData\Local\B7jiOM
[2010/02/28 23:55:19 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/12/02 22:49:03 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/10/20 15:25:06 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/20 15:24:21 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/04 14:02:04 | 000,000,049 | ---- | C] () -- C:\Windows\SW_Win2146X32.DLL
[2009/10/04 14:02:01 | 001,720,320 | ---- | C] () -- C:\Windows\SysWow64\beconvlib.dll
[2009/10/04 14:02:01 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\bprgcomm.dll
[2009/10/04 14:02:01 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\CSVSpecialProcessing.dll
[2009/10/04 14:02:00 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\SII_PDF.dll
[2009/10/04 14:02:00 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\SARzilla.dll
[2009/10/04 14:02:00 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\DVM.dll
[2009/10/04 14:02:00 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx15_ic.ini
[2009/08/14 17:47:34 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/01/20 22:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/06/12 11:25:54 | 000,000,920 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

========== Files - Unicode (All) ==========
[2010/05/23 21:41:13 | 000,000,000 | ---D | M](C:\Users\Owner\Documents\??) -- C:\Users\Owner\Documents\くそ
[2010/04/20 16:20:37 | 000,000,000 | ---D | C](C:\Users\Owner\Documents\??) -- C:\Users\Owner\Documents\くそ
[2010/01/02 04:29:53 | 000,041,656 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_28_15.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_28_15.wav
[2010/01/02 04:29:52 | 000,041,656 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_28_15.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_28_15.wav
[2010/01/02 04:27:09 | 000,016,056 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_27_01.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_27_01.wav
[2010/01/02 04:27:09 | 000,016,056 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_27_01.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_27_01.wav
[2010/01/02 04:23:36 | 000,076,856 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_22_15.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_22_15.wav
[2010/01/02 04:23:36 | 000,076,856 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_22_15.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_22_15.wav
[2010/01/02 04:23:30 | 000,028,856 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_22_05.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_22_05.wav
[2010/01/02 04:23:30 | 000,028,856 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_22_05.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_22_05.wav
[2010/01/02 04:20:26 | 000,038,456 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_20_19.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_20_19.wav
[2010/01/02 04:20:26 | 000,038,456 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_20_19.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_20_19.wav
[2010/01/02 04:18:59 | 000,038,456 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_18_53.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_18_53.wav
[2010/01/02 04:18:59 | 000,038,456 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_18_53.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_18_53.wav
[2010/01/02 04:16:40 | 000,124,856 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_16_31.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_16_31.wav
[2010/01/02 04:16:40 | 000,124,856 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_16_31.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_16_31.wav
[2010/01/02 04:16:00 | 000,041,656 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_15_48.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_15_48.wav
[2010/01/02 04:16:00 | 000,041,656 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_15_48.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_15_48.wav
[2010/01/02 04:13:58 | 000,019,256 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_13_46.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_13_46.wav
[2010/01/02 04:13:58 | 000,019,256 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_13_46.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_13_46.wav

< End of report >

Blade81
2010-10-27, 08:00
Hi again,

Let's run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following:


:OTL
[2010/10/26 14:39:50 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/10/26 14:39:50 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/10/26 14:39:50 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/10/26 14:39:50 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/10/26 14:39:50 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/10/26 14:39:50 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/10/26 14:39:50 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/10/26 07:02:17 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/10/25 21:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/10/25 20:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/10/25 20:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/10/25 18:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/10/25 18:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/10/25 16:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/10/25 15:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/10/25 14:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At16.job
:Commands
[emptytemp]


Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post result log



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 22 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report & a fresh OTL.txt log.

Zaokii
2010-10-27, 21:59
I actually had a problem when it was rebooting. It showed the "Shutting Down" screen for about 10 minutes and nothing happened so I pressed the start button once (didn't hold it or anything) and the screens went black and the fans turned off but my LEDs (have them on my power supply and around the fans) stayed on, so I pressed it again (again, not holding it) and it started back up.
Here's the first log file, going to update Java now..

All processes killed
========== OTL ==========
C:\Windows\Tasks\At9.job moved successfully.
C:\Windows\Tasks\At15.job moved successfully.
C:\Windows\Tasks\At14.job moved successfully.
C:\Windows\Tasks\At13.job moved successfully.
C:\Windows\Tasks\At12.job moved successfully.
C:\Windows\Tasks\At11.job moved successfully.
C:\Windows\Tasks\At10.job moved successfully.
C:\Windows\Tasks\At8.job moved successfully.
C:\Windows\Tasks\At7.job moved successfully.
C:\Windows\Tasks\At6.job moved successfully.
C:\Windows\Tasks\At5.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\Windows\Tasks\At3.job moved successfully.
C:\Windows\Tasks\At24.job moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
C:\Windows\Tasks\At23.job moved successfully.
C:\Windows\Tasks\At22.job moved successfully.
C:\Windows\Tasks\At21.job moved successfully.
C:\Windows\Tasks\At20.job moved successfully.
C:\Windows\Tasks\At19.job moved successfully.
C:\Windows\Tasks\At18.job moved successfully.
C:\Windows\Tasks\At17.job moved successfully.
C:\Windows\Tasks\At16.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 5389990 bytes
->Temporary Internet Files folder emptied: 20237176 bytes
->Java cache emptied: 52954094 bytes
->FireFox cache emptied: 105912499 bytes
->Google Chrome cache emptied: 856432 bytes
->Apple Safari cache emptied: 797696 bytes
->Opera cache emptied: 277700 bytes
->Flash cache emptied: 14015 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 861184 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37884 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 179.00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 10272010_144416

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\SysNative\SET65B6.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Zaokii
2010-10-28, 04:24
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, October 27, 2010
Operating system: Microsoft Windows Vista Ultimate Edition, 64-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 27, 2010 14:50:57
Records in database: 4179029
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 293088
Threats found: 3
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 04:44:47


File name / Threat / Threats count
C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml Infected: Trojan.Win32.Clicker.hd 1
C:\Users\Owner\Documents\Aau Perfect Hack.exe Infected: Trojan-Spy.Win32.KeyLogger.gia 1
C:\Users\Owner\Documents\etcetc\gbsetup120.exe Infected: Virus.Win32.Induc.a 1

Selected area has been scanned.

Geez that took a long time. I'm familiar with the Trojan called "Aau Perfect Hack.exe", it's for a game and the only way to get it to run in the background without being detected by the program is to disguise it as a trojan. I can get rid of it if necessary though.

Blade81
2010-10-28, 07:54
Hi,

Delete these two files:
C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml
C:\Users\Owner\Documents\etcetc\gbsetup120.exe

Post a fresh OTL.txt log and let me know how the system is running.

Zaokii
2010-10-28, 22:04
Thank you SO much for taking your time to help me. Everything seems to be running fine, both my CPU and RAM usage are significantly lower and I'm not lagging while playing games anymore.

OTL logfile created on: 10/28/2010 2:58:14 PM - Run 3
OTL by OldTimer - Version 3.2.17.1 Folder = c:\Users\Owner\Documents\lalala
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 59.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.32 Gb Total Space | 770.19 Gb Free Space | 82.70% Space Free | Partition Type: NTFS
Drive E: | 345.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: STOPREADINGTHIS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Users\Owner\Documents\lalala\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()


========== Modules (SafeList) ==========

MOD - c:\Users\Owner\Documents\lalala\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (npggsvc) -- C:\Windows\SysNative\GameMon.des File not found
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (usprserv) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_062a651.dll ()
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found
DRV:64bit: - (memchk) -- C:\Windows\SysNative\memchk.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (dump_wmimmc) -- C:\Windows\SysNative\drivers\dump_wmimmc.sys File not found
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV:64bit: - (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM) -- C:\Windows\SysNative\DRIVERS\vrtaucbl.sys (Eugene V. Muzychenko)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\DRIVERS\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (irda) -- C:\Windows\SysNative\DRIVERS\irda.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\DRIVERS\irsir.sys (Microsoft Corporation)
DRV:64bit: - (amdide64) -- C:\Windows\SysNative\DRIVERS\amdide64.sys (Advanced Micro Devices)
DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\DRIVERS\WMP54Gv41x64.sys (Ralink Technology Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (dump_wmimmc) -- C:\Windows\SysWOW64\drivers\dump_wmimmc.sys ()
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZJfox000&ptb=ijV2nZNNH8oUq4CRNEj5KQ
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=58.138.142.145:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "IMVU Inc Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:robots"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.5
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.5
FF - prefs.js..extensions.enabledItems: {989e9382-d540-4189-88d1-fc54a949a387}:0.8.7
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100924
FF - prefs.js..extensions.enabledItems: navertheme@nhncorp.jp:0.3.0
FF - prefs.js..extensions.enabledItems: NG_Classic@snakehole.net:2.31
FF - prefs.js..extensions.enabledItems: {d650973c-0444-4ac7-9d00-19e3613c83b9}:3.6.7
FF - prefs.js..extensions.enabledItems: {9998A493-980E-4716-81BC-F0C77001E9B7}:3.13
FF - prefs.js..extensions.enabledItems: {251297d0-6e53-11de-8a39-0800200c9a66}:3.6.15.02.10
FF - prefs.js..extensions.enabledItems: {1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}:3.6
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 14:56:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 14:56:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 14:56:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 14:56:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 14:56:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 14:56:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 14:56:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 14:56:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 14:56:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 14:56:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 14:56:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 14:56:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\components [2010/09/22 21:26:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\plugins

[2009/11/23 17:27:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2009/11/23 17:27:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/10/27 15:08:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions
[2010/09/04 23:52:50 | 000,000,000 | ---D | M] (Aeon Colors) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}
[2010/06/26 12:12:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/04 23:51:45 | 000,000,000 | ---D | M] (Extero 2) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{251297d0-6e53-11de-8a39-0800200c9a66}
[2009/11/26 12:29:34 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010/09/28 14:53:04 | 000,000,000 | ---D | M] (IMVU Inc Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2010/06/26 12:12:02 | 000,000,000 | ---D | M] (Charamel) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2010/06/26 12:12:02 | 000,000,000 | ---D | M] (FennecFox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
[2010/09/04 23:51:00 | 000,000,000 | ---D | M] (Utopia White) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{9998A493-980E-4716-81BC-F0C77001E9B7}
[2010/09/26 21:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/09/04 23:50:20 | 000,000,000 | ---D | M] (Whitehart) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}
[2010/06/26 12:12:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\firebug@software.joehewitt.com
[2010/09/28 14:52:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\nasanightlaunch@example.com
[2010/06/26 12:12:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\navertheme@nhncorp.jp
[2010/06/26 12:12:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\NG_Classic@snakehole.net
[2010/06/26 12:12:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\silvermelxt@pardal.de
[2010/06/26 12:12:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\youtube2mp3@mondayx.de
[2010/06/26 12:12:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\navertheme@nhncorp.jp\chrome\mozapps\extensions
[2010/06/26 12:12:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\wojx14r6.default\extensions\NG_Classic@snakehole.net\chrome\mozapps\extensions
[2010/10/27 15:08:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/20 15:14:17 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/27 15:07:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/27 15:07:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/08/06 10:52:47 | 000,000,002 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\qttask .exe (Apple Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} https://mail.jhsph.edu/owa/MWScripts/AttachView/1.5/DAX.cab (DAX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\Wallpapers\rainbowwall1.bmp
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\Wallpapers\rainbowwall1.bmp
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/17 22:13:08 | 000,000,041 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4a7465b9-1fde-11de-8d35-001fe25cd157}\Shell - "" = AutoRun
O33 - MountPoints2\{4a7465b9-1fde-11de-8d35-001fe25cd157}\Shell\AutoRun\command - "" = D:\Launch.exe -- File not found
O33 - MountPoints2\{69a2bb74-762f-11df-bc36-001fe25cd157}\Shell - "" = AutoRun
O33 - MountPoints2\{69a2bb74-762f-11df-bc36-001fe25cd157}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008/02/17 22:08:23 | 000,356,352 | R--- | M] (BestGameEver )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: coloheme - (C:\Windows\system32\charkeng.dll) - C:\Windows\SysWow64\charkeng.dll File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/27 15:09:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\jkos-Owner
[2010/10/27 15:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/27 15:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/27 15:07:55 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/27 15:07:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/27 15:07:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/27 15:07:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/27 14:44:30 | 001,103,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webservices.dll
[2010/10/27 14:44:30 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webservices.dll
[2010/10/27 14:44:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/26 14:52:20 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/10/26 14:52:20 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/10/26 14:52:19 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/10/26 14:52:19 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/10/26 14:52:19 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/10/26 14:52:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/10/22 16:38:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Opera
[2010/10/22 16:38:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Opera
[2010/10/22 16:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010/10/18 15:08:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/18 15:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/10/17 21:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/10/15 11:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/10/15 11:38:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2010/10/14 19:13:16 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 19:13:16 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 19:13:11 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 19:13:10 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 19:13:10 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 19:13:09 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 19:13:08 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/10/14 19:13:08 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/10/14 19:12:48 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 19:12:47 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 19:12:44 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 19:12:44 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 19:12:36 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 19:12:35 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 19:12:34 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 19:12:34 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 19:12:33 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 19:12:33 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/10/14 19:12:33 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 19:12:33 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/10/14 19:12:33 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 19:12:33 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 19:12:33 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2010/10/14 19:12:33 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/10/14 19:12:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/14 19:12:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/10/14 19:12:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/10/14 19:12:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/14 19:12:22 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 19:12:22 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/13 15:10:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/10/13 15:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/10/13 15:09:52 | 000,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/10/13 15:09:51 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010/10/13 15:09:51 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/10/13 15:09:51 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/10/13 15:09:51 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/10/13 15:09:51 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/10/13 15:09:51 | 000,120,208 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2010/10/13 15:09:50 | 002,625,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010/10/13 15:09:50 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010/10/13 15:09:50 | 002,048,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010/10/13 15:09:50 | 001,756,160 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2010/10/13 15:09:50 | 001,215,592 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010/10/13 15:09:50 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010/10/13 15:09:50 | 000,601,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010/10/13 15:09:50 | 000,477,800 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2010/10/13 15:09:50 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/10/13 15:09:50 | 000,334,848 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2010/10/13 15:09:50 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2010/10/13 15:09:50 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010/10/13 15:09:50 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/10/13 15:09:50 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/10/13 15:09:50 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/10/13 15:09:50 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2010/10/13 15:09:50 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/10/13 15:09:50 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010/10/13 15:09:50 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/10/13 15:09:50 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2010/10/13 15:09:50 | 000,079,976 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010/10/13 15:09:50 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2010/10/13 15:09:50 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/10/13 15:09:50 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2010/10/13 15:09:49 | 001,325,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2010/10/13 15:09:49 | 001,178,336 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2010/10/13 15:09:49 | 001,110,240 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2010/10/13 15:09:49 | 000,503,520 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2010/10/13 15:09:49 | 000,489,696 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2010/10/13 15:09:49 | 000,474,336 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2010/10/13 15:09:49 | 000,338,336 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/10/13 15:09:49 | 000,315,616 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2010/10/13 15:09:49 | 000,268,512 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2010/10/13 15:09:49 | 000,265,440 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2010/10/13 15:09:49 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2010/10/13 15:09:49 | 000,124,640 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2010/10/13 15:09:49 | 000,124,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2010/10/13 15:09:49 | 000,123,616 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2010/10/13 15:09:49 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2010/10/13 15:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/10/13 15:09:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/10/13 15:09:47 | 001,251,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/10/06 18:44:02 | 000,000,000 | ---D | C] -- C:\Ntreev USA
[2010/10/06 17:39:25 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\aqua2_7
[2010/10/06 17:24:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\New Folder
[2010/10/03 17:15:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashRpt
[2010/10/03 17:14:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Procaster
[2010/10/03 17:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Livestream Procaster
[2010/09/30 19:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/28 14:47:09 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3600338531-1240811616-913890960-1000UA.job
[2010/10/28 14:47:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/27 22:12:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3600338531-1240811616-913890960-1000Core.job
[2010/10/27 21:05:38 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/27 21:05:38 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/27 15:11:53 | 000,727,308 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/27 15:11:53 | 000,621,368 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/27 15:11:53 | 000,110,304 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/27 15:07:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/27 15:07:40 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/27 15:07:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/27 15:07:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/27 15:05:42 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/10/26 22:11:42 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/10/25 17:54:27 | 000,000,756 | ---- | M] () -- C:\Users\Owner\Desktop\Opera (3).lnk
[2010/10/25 17:54:21 | 000,000,756 | ---- | M] () -- C:\Users\Owner\Desktop\Opera (2).lnk
[2010/10/25 17:54:15 | 000,000,756 | ---- | M] () -- C:\Users\Owner\Desktop\Opera.lnk
[2010/10/22 16:38:00 | 000,000,768 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/22 16:38:00 | 000,000,744 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/10/21 20:54:01 | 000,002,087 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2010/10/21 20:54:01 | 000,002,049 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/18 15:32:05 | 000,002,893 | ---- | M] () -- C:\Users\Owner\Desktop\Attach.rar
[2010/10/18 15:08:28 | 000,000,943 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/18 15:08:25 | 000,000,744 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/10/17 21:26:13 | 000,001,960 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2010/10/17 21:11:13 | 000,007,692 | ---- | M] () -- C:\Users\Owner\.recently-used.xbel
[2010/10/15 11:32:38 | 003,076,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/14 22:44:01 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2010/10/13 22:08:33 | 000,000,728 | ---- | M] () -- C:\Users\Owner\Documents\swedish.rtf
[2010/10/13 15:09:53 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/10/12 19:11:57 | 000,006,976 | ---- | M] () -- C:\Users\Owner\Documents\what.rtf
[2010/10/09 19:27:01 | 000,003,371 | ---- | M] () -- C:\Users\Owner\Documents\code.rtf
[2010/10/07 14:39:19 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 19:01:01 | 000,141,612 | ---- | M] () -- C:\Windows\SysWow64\drivers\dump_wmimmc.sys
[2010/10/05 20:00:24 | 002,048,104 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010/10/05 20:00:24 | 001,146,984 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010/10/05 20:00:14 | 000,332,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010/10/05 20:00:02 | 000,149,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010/10/05 19:59:50 | 002,625,640 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010/10/05 19:59:50 | 001,215,592 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010/10/05 19:59:50 | 000,601,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010/10/05 19:59:40 | 000,477,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2010/10/05 19:59:40 | 000,079,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010/10/03 17:14:34 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2010/09/30 19:58:25 | 000,000,219 | ---- | M] () -- C:\Users\Owner\Desktop\Counter-Strike Source.url
[2010/09/30 19:11:43 | 000,000,219 | ---- | M] () -- C:\Users\Owner\Desktop\Counter-Strike Source Beta.url
[2010/09/30 19:10:40 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/09/29 13:11:02 | 001,251,944 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/25 17:54:27 | 000,000,756 | ---- | C] () -- C:\Users\Owner\Desktop\Opera (3).lnk
[2010/10/25 17:54:21 | 000,000,756 | ---- | C] () -- C:\Users\Owner\Desktop\Opera (2).lnk
[2010/10/25 17:54:15 | 000,000,756 | ---- | C] () -- C:\Users\Owner\Desktop\Opera.lnk
[2010/10/22 16:38:00 | 000,000,768 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/22 16:38:00 | 000,000,744 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/10/18 15:32:05 | 000,002,893 | ---- | C] () -- C:\Users\Owner\Desktop\Attach.rar
[2010/10/18 15:08:28 | 000,000,943 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/18 15:08:25 | 000,000,744 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/10/17 21:26:13 | 000,001,960 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2010/10/17 21:11:13 | 000,007,692 | ---- | C] () -- C:\Users\Owner\.recently-used.xbel
[2010/10/14 19:01:31 | 184,094,302 | ---- | C] () -- C:\Users\Owner\Desktop\20101014_3.MOV
[2010/10/14 19:01:31 | 108,310,858 | ---- | C] () -- C:\Users\Owner\Desktop\20101014_1.MOV
[2010/10/13 22:08:33 | 000,000,728 | ---- | C] () -- C:\Users\Owner\Documents\swedish.rtf
[2010/10/12 19:11:56 | 000,006,976 | ---- | C] () -- C:\Users\Owner\Documents\what.rtf
[2010/10/09 19:27:01 | 000,003,371 | ---- | C] () -- C:\Users\Owner\Documents\code.rtf
[2010/10/07 14:39:19 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 19:01:01 | 000,141,612 | ---- | C] () -- C:\Windows\SysWow64\drivers\dump_wmimmc.sys
[2010/10/03 17:14:34 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2010/09/30 19:58:25 | 000,000,219 | ---- | C] () -- C:\Users\Owner\Desktop\Counter-Strike Source.url
[2010/09/30 19:11:43 | 000,000,219 | ---- | C] () -- C:\Users\Owner\Desktop\Counter-Strike Source Beta.url
[2010/09/30 19:09:28 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/09/22 21:57:41 | 000,364,286 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI4E67.txt
[2010/09/22 21:57:40 | 000,011,206 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI4E67.txt
[2010/09/20 17:00:02 | 000,006,456 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/09/09 20:51:16 | 000,368,076 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI23DB.txt
[2010/09/09 20:51:16 | 000,011,142 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI23DB.txt
[2010/08/25 17:11:13 | 000,363,504 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI6771.txt
[2010/08/25 17:11:13 | 000,011,174 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI6771.txt
[2010/08/12 14:47:20 | 000,010,240 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/22 16:32:40 | 000,002,204 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/04/19 22:37:57 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/03/04 21:25:22 | 000,011,320 | -HS- | C] () -- C:\Users\Owner\AppData\Local\B7jiOM
[2010/02/28 23:55:19 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/12/02 22:49:03 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/10/20 15:25:06 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/20 15:24:21 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/04 14:02:04 | 000,000,049 | ---- | C] () -- C:\Windows\SW_Win2146X32.DLL
[2009/10/04 14:02:01 | 001,720,320 | ---- | C] () -- C:\Windows\SysWow64\beconvlib.dll
[2009/10/04 14:02:01 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\bprgcomm.dll
[2009/10/04 14:02:01 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\CSVSpecialProcessing.dll
[2009/10/04 14:02:00 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\SII_PDF.dll
[2009/10/04 14:02:00 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\SARzilla.dll
[2009/10/04 14:02:00 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\DVM.dll
[2009/10/04 14:02:00 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx15_ic.ini
[2009/08/14 17:47:34 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/01/20 22:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/06/12 11:25:54 | 000,000,920 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

========== Files - Unicode (All) ==========
[2010/05/23 21:41:13 | 000,000,000 | ---D | M](C:\Users\Owner\Documents\??) -- C:\Users\Owner\Documents\くそ
[2010/04/20 16:20:37 | 000,000,000 | ---D | C](C:\Users\Owner\Documents\??) -- C:\Users\Owner\Documents\くそ
[2010/01/02 04:29:53 | 000,041,656 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_28_15.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_28_15.wav
[2010/01/02 04:29:52 | 000,041,656 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_28_15.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_28_15.wav
[2010/01/02 04:27:09 | 000,016,056 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_27_01.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_27_01.wav
[2010/01/02 04:27:09 | 000,016,056 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_27_01.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_27_01.wav
[2010/01/02 04:23:36 | 000,076,856 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_22_15.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_22_15.wav
[2010/01/02 04:23:36 | 000,076,856 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_22_15.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_22_15.wav
[2010/01/02 04:23:30 | 000,028,856 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_22_05.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_22_05.wav
[2010/01/02 04:23:30 | 000,028,856 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_22_05.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_22_05.wav
[2010/01/02 04:20:26 | 000,038,456 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_20_19.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_20_19.wav
[2010/01/02 04:20:26 | 000,038,456 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_20_19.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_20_19.wav
[2010/01/02 04:18:59 | 000,038,456 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_18_53.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_18_53.wav
[2010/01/02 04:18:59 | 000,038,456 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_18_53.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_18_53.wav
[2010/01/02 04:16:40 | 000,124,856 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_16_31.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_16_31.wav
[2010/01/02 04:16:40 | 000,124,856 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_16_31.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_16_31.wav
[2010/01/02 04:16:00 | 000,041,656 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_15_48.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_15_48.wav
[2010/01/02 04:16:00 | 000,041,656 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_15_48.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_15_48.wav
[2010/01/02 04:13:58 | 000,019,256 | ---- | M] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_13_46.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_13_46.wav
[2010/01/02 04:13:58 | 000,019,256 | ---- | C] ()(C:\Users\Owner\Documents\- [c=4]?[-c][b]?[-b]?[b]u[-b][c=4]?[-c][b]?[-b][c=4]?[-c][b]s[-b] [[c=4] ? [-c]]_1_2_2010@3_13_46.wav) -- C:\Users\Owner\Documents\- [c=4]ɐ[-c][b]ɥ[-b]ʇ[b]u[-b][c=4]ɐ[-c][b]ɯ[-b][c=4]ɐ[-c][b]s[-b] [[c=4] ♥ [-c]]_1_2_2010@3_13_46.wav

< End of report >

Blade81
2010-10-28, 22:25
You're welcome. It's time to secure your system to prevent further intrusions :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C. Turn ON System Restore.
Follow the same steps you used to disable System Restore, but at step 6, check any checkboxes listed for your hard drives.




Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.
Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html)
Good commercial ones are from:
Kaspersky (http://www.kaspersky.com/homeuser) and
ESET (http://www.eset.com/products/index.php)



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
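
The six Internet Explorer zone settings listed in the post above are stored as numbered values under the Internet zone's registry key, so they can be checked without clicking through the dialog. The following is an added example, not part of the original post or of any tool named in it; the function and variable names are hypothetical, and it only reads the registry.

```powershell
# Added example (not from the original post): read-only audit of the six
# Internet-zone settings the post asks the user to change by hand.
# Zone 3 is the Internet zone. Action values: 0 = Enable, 1 = Prompt, 3 = Disable.
$InternetZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$ValueNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Action id, setting label as worded in the post, and the value the post recommends.
$Recommended = @(
    @{ Id = '1001'; Setting = 'Download signed ActiveX controls';                            Want = 1 },
    @{ Id = '1004'; Setting = 'Download unsigned ActiveX controls';                          Want = 3 },
    @{ Id = '1201'; Setting = 'Initialize and script ActiveX controls not marked as safe';   Want = 3 },
    @{ Id = '1800'; Setting = 'Installation of desktop items';                               Want = 1 },
    @{ Id = '1804'; Setting = 'Launching programs and files in an IFRAME';                   Want = 1 },
    @{ Id = '1607'; Setting = 'Navigate sub-frames across different domains';                Want = 1 }
)

function Get-ActionLabel {
    param($Value)
    # A missing value means the zone falls back to its template default.
    if ($null -eq $Value) { return '(not set)' }
    if ($ValueNames.ContainsKey([int]$Value)) { return $ValueNames[[int]$Value] }
    return "unknown ($Value)"
}

function Test-InternetZoneHardening {
    param([string]$ZoneKey = $InternetZoneKey)

    if (-not (Test-Path -Path $ZoneKey)) {
        throw "Zone key not found: $ZoneKey"
    }
    $zone = Get-ItemProperty -Path $ZoneKey

    foreach ($item in $Recommended) {
        $actual = $zone.($item.Id)

        # 0 < 1 < 3 orders the actions from least to most restrictive, so a
        # value at or above the recommendation is at least as strict as the post asks.
        $strictEnough = ($null -ne $actual) -and ([int]$actual -ge $item.Want)

        New-Object PSObject -Property @{
            Id           = $item.Id
            Setting      = $item.Setting
            Recommended  = Get-ActionLabel $item.Want
            Current      = Get-ActionLabel $actual
            StrictEnough = $strictEnough
        } | Select-Object Id, Setting, Recommended, Current, StrictEnough
    }
}

Test-InternetZoneHardening | Format-Table -AutoSize
```

This reads only the per-user values that the Security tab normally writes; zone settings enforced through Group Policy are stored under the Policies branch and take precedence over them.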

Blade81
2010-11-04, 07:29
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (pm). A valid, working link to the closed topic is required.