
Had some trojans/viruses, and now task bar won't come up.



frequencyyy
2010-11-17, 22:23
Alright, so October 28, 2010 was the first time I have ever had a trojan on my computer, and on that date SpyBot detected 73 entries (I have a screenshot and Malwarebytes log if needed).

Since 10/28, occasionally, when I use Firefox, something would create a new tab by itself, and it would redirect me to a "site" that says "Problem in your registry, press this to fix" or something along those lines; of course I quickly exit out of it.

Alright so yesterday, I went out to buy a 32" TV to serve as my monitor. I hook everything up, and change the resolution and stuff and restart my computer. When I boot up my computer, my task bar is gone (the one with the start button on it) and I have a lot of weird tasks in task manager, and I recognize most of them from a month ago, when I had 73 Malwares/Trojans/Viruses detected in SpyBot.

So I turned my computer on in Safe Mode, ran a Malwarebytes scan and Spybot, and quarantined/fixed with both, but my task bar is still not there and some programs that I do not recognize are still showing up.

In addition to that, there are many startup services related to the problems in my msconfig that are still there, but just disabled.

Also, yesterday SpyBot detected KillSec, and when I looked it up, KillSec collects my personal data...

Today:

Alright, so today I came home and turned on the computer; my task bar is still gone, and I ran Malwarebytes and SpyBot and again, trojan assistant detected by Malwarebytes, and only 2 browser entries from Spybot. But I knew there was still a problem; random things kept crashing (antivirus, and some programs I have never even heard of).

So I decided to come to the forums for help, and when I ran DDS (my first time) I was watching my task manager, and things like SED.DAT, other DAT things, "Find String Query" or something like that, and something that had to do with registry started running, but they VERY QUICKLY disappeared (Are these things from DDS?..)

So yeah, this is a many-part question:

- Are the trojans/malware and such all gone?.... since it won't detect anything..

- Is it possible to check if any of my programs/external hard drive is infected?

- How do I get rid of the things that are in msconfig?

- How do I prevent them from coming back?

- Where is my task bar?

I checked and the task bar is not hiding, the resolution is correct, I tried hovering the mouse over it and CTRL+ESC. Yes, explorer is running, but nothing's working..

- Is it possible to check if KillSec had collected any information..?


If anything else is needed, just request and I'll do my best to get them!



DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by James at 15:56:50.23 on Wed 11/17/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.5117.2869 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\AERTSr64.exe
C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~2\mcafee\msc\mcuimgr.exe
C:\Program Files (x86)\Ventrilo\Ventrilo.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\James\Downloads\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uStart Page = www.ijji.com (http://www.ijji.com)
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\PROGRA~2\mcafee\msk\mcapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: C:\Windows\SysWow64\xsl3g.dll: {b1ba20c1-a503-59bd-f412-03b53a2c8951} - C:\Windows\SysWow64\xsl3g.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
dRun: [MqmPeQ] C:\Windows\TEMP\dju8q5m.exe
dRun: [uPc+kt0Nfv_aXms] rundll32.exe C:\Windows\system32\o9xjmpu72g.dll, SystemServer
dRun: [MqmPsd] C:\Windows\TEMP\taskmgr.exe
dRun: [lSKRCmGJix.exe] C:\Windows\TEMP\lSKRCmGJix.exe
dRun: [MqmPZP] C:\Windows\TEMP\gdi32.exe
dRun: [MqmPrc] C:\Windows\TEMP\winamp.exe
dRun: [MqmP0Z] C:\Windows\TEMP\system.exe
dRun: [MqmPxc] C:\Windows\TEMP\smss.exe
dRun: [uPc+kt0NrzLCxl] rundll32.exe C:\Windows\system32\ksr02670.dll, SystemServer
dRun: [MqmPtg] C:\Windows\TEMP\wininst.exe
dRun: [MqqZ] C:\Windows\cmd.exe
dRun: [MqmPWuc] C:\Windows\TEMP\r88yjlqt.exe
dRun: [Mqrta] C:\Windows\install.exe
dRun: [uPc+kt0NcAaGuo] rundll32.exe C:\Windows\system32\y0nb773.dll, SystemServer
dRun: [MqmPsf] C:\Windows\TEMP\lsass.exe
dRunOnce: [kKjIc02097] C:\ProgramData\kKjIc02097\kKjIc02097.exe
dRunOnce: [9C30] "C:\Windows\system32\config\systemprofile\AppData\Local\790575.exe" 0 41
dRunOnce: [790575] "C:\Windows\system32\config\systemprofile\AppData\Local\52139209.exe" 0 48
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: C:\Windows\system32\lsp5E7E.dll
DPF: {4944924A-64E4-49C1-AC97-ABA3927262FE} - hxxp://channel.dontblynk.com/Launcher/StWbUsa.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
STS: C:\Windows\SysWow64\xsl3g.dll: {b1ba20c1-a503-59bd-f412-03b53a2c8951} - C:\Windows\SysWow64\xsl3g.dll
BHO-X64: McAfee Phishing Filter: {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~2\mcafee\msk\MCAPBH~1.DLL
BHO-X64: McAntiPhishingBHO - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
BHO-X64: scriptproxy - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} -
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

================= FIREFOX ===================

FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://element.searchpluswin.com/?cmd=home
FF - prefs.js: keyword.URL - hxxp://yandex.ru/yandsearch?clid=123045&text=
FF - component: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - component: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}\components\FFExternalAlert.dll
FF - component: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}\components\RadioWMPCore.dll
FF - component: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\{e9ddc636-f9b4-43db-9795-fba05b2d0e22}\components\FFExternalAlert.dll
FF - component: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\{e9ddc636-f9b4-43db-9795-fba05b2d0e22}\components\RadioWMPCore.dll
FF - component: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\engine@conduit.com\components\FFExternalAlert.dll
FF - component: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\James\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\James\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.search-clsid", "{DC3C5E53-6283-4714-B415-10FF48DCA680}");

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-3-13 55024]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-10-5 87600]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\dddskx64.sys [2010-1-16 26024]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-3-13 293192]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\System32\AERTSr64.exe [2009-3-13 86016]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-13 203264]
R2 Apache2.2;Remote Access Media Server;C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [2007-9-21 15872]
R2 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2009-12-9 19432]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
R2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-3-13 358224]
R2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-3-13 153408]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-10-28 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-9-27 240232]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-3-18 172328]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-11-13 7883264]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-11-13 285696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2010-11-13 114704]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LVUVC64;Logitech Webcam 500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2009-3-13 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-3-13 101960]
R3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-3-13 49480]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-3-27 27160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dsl-db;Remote Access DB;C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [2007-9-14 5730304]
S2 dsl-fs-sync;Remote Access File Sync Service;C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [2008-9-30 173296]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-6 136176]
S2 MSPnPService;MS PnP Service;C:\Windows\system32\mspnp297f.exe --> C:\Windows\system32\mspnp297f.exe [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-6-25 35840]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2010-2-10 49664]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-3-13 40392]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-5-24 626176]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-3-18 93184]

=============== Created Last 30 ================

2010-11-17 20:25:28 53248 ----a-w- C:\Windows\SysWow64\FastUv32.dll
2010-11-16 21:12:46 36356 ---h--w- C:\Windows\drweb.exe
2010-11-16 21:12:33 220672 ----a-w- C:\Windows\SysWow64\mspnp2a3f.exe
2010-11-16 21:12:29 36356 ---h--w- C:\Windows\winamp.exe
2010-11-16 21:12:17 30000 ----a-w- C:\Windows\SysWow64\uznec0.dll
2010-11-16 21:12:09 220672 ---ha-w- C:\Windows\SysWow64\mspnpd7f.exe
2010-11-16 21:11:56 30000 ----a-w- C:\Windows\SysWow64\k0134b1yc.dll
2010-11-16 21:11:49 220672 ---ha-w- C:\Windows\SysWow64\mspnpd8f.exe
2010-11-16 21:11:41 220672 ----a-w- C:\Windows\SysWow64\mspnp297f.exe
2010-11-16 21:11:33 -------- d-----w- C:\PROGRA~3\WSTB
2010-11-16 21:11:31 30000 ----a-w- C:\Windows\SysWow64\xsl3g.dll
2010-11-15 23:53:37 -------- d-----w- C:\Users\James\AppData\Local\Logitech
2010-11-14 16:42:26 -------- d-----w- C:\PROGRA~3\kKjIc02097
2010-11-14 16:42:00 47490 ----a-w- C:\Windows\SysWow64\lsp5E7E.dll
2010-11-14 16:42:00 0 ----a-w- C:\Windows\SysWow64\lsp5E7E.tmp
2010-11-13 06:51:45 -------- d-----w- C:\Program Files (x86)\ATI
2010-11-13 06:46:00 51200 ----a-w- C:\Windows\System32\ATIODCLI.exe
2010-11-13 06:46:00 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-11-13 06:46:00 118784 ----a-w- C:\Windows\System32\atibtmon.exe
2010-11-10 22:02:43 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-11-10 22:02:43 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2010-11-09 21:12:08 -------- d-----w- C:\Users\James\AppData\Local\Activision
2010-11-09 20:53:09 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2010-11-09 20:53:09 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2010-11-09 20:53:09 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2010-11-09 20:53:09 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2010-11-09 20:53:07 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll
2010-11-09 20:53:07 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll
2010-11-09 20:53:06 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2010-11-09 20:53:06 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2010-11-09 20:53:02 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll
2010-11-09 20:53:02 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2010-11-09 20:53:00 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2010-11-09 20:53:00 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2010-11-09 20:51:57 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2010-11-09 20:50:54 5073256 ----a-w- C:\Windows\System32\d3dx9_35.dll
2010-11-08 22:19:07 -------- d-----w- C:\Users\James\AE CS5 Plugins Collection v1
2010-11-07 21:16:42 90112 ----a-w- C:\Windows\unvise32.exe
2010-11-04 07:13:57 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2010-10-28 23:41:23 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2010-10-28 23:41:23 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2010-10-28 23:41:20 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2010-10-28 23:41:20 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2010-10-28 23:33:52 -------- d-----w- C:\Users\James\AppData\Roaming\Malwarebytes
2010-10-28 23:33:24 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-28 23:33:22 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-28 23:33:21 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-28 23:33:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-28 20:49:23 -------- d-----w- C:\PROGRA~3\Alwil Software
2010-10-28 20:02:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-10-28 20:02:36 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-10-28 19:40:17 -------- d-----w- C:\Users\James\AppData\Local\{42987DD0-7F6F-453F-B76A-BD72071959E2}
2010-10-28 19:37:20 -------- d-----w- C:\Program Files (x86)\Flash
2010-10-23 22:08:30 -------- d-----w- C:\Twixtor5AEManual
2010-10-23 22:08:15 -------- d-----w- C:\Twixtor5AE

==================== Find3M ====================

2010-09-20 12:14:32 316416 ----a-w- C:\Windows\System32\msshsq.dll
2010-09-20 09:25:01 231936 ----a-w- C:\Windows\SysWow64\msshsq.dll
2010-09-10 16:37:06 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-10 15:52:05 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-08 17:26:59 833024 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 17:23:42 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
2010-09-08 16:46:38 1032704 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 16:43:11 86528 ----a-w- C:\Windows\System32\ieencode.dll
2010-09-08 15:53:07 389632 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 15:28:29 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-08 15:26:20 485376 ----a-w- C:\Windows\System32\html.iec
2010-09-08 15:00:33 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-06 16:24:40 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-09-06 16:23:14 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-09-06 15:59:19 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-09-06 15:59:19 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-09-06 15:57:48 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-09-06 13:44:39 461824 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-09-06 13:44:17 144896 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-09-06 13:44:14 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-31 15:41:42 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 15:41:42 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-31 15:40:26 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-31 15:21:34 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-31 13:18:42 2751488 ----a-w- C:\Windows\System32\win32k.sys
2010-08-27 22:19:35 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2010-08-27 22:19:30 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2010-08-27 22:19:30 2373712 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2010-08-26 16:27:46 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 16:21:44 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-08-26 16:21:44 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2010-08-26 16:21:43 281600 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2010-08-26 16:07:25 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-26 16:01:35 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2010-08-26 16:01:33 459776 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2010-08-26 16:01:32 541696 ----a-w- C:\Windows\apppatch\AcLayers.dll
2010-08-26 16:01:32 2153984 ----a-w- C:\Windows\apppatch\AcGenral.dll
2010-08-20 15:56:01 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-20 15:21:02 866816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2009-12-22 04:44:16 348952 ----a-w- C:\Program Files (x86)\Uninstal.exe

============= FINISH: 15:57:33.08 ===============

Please and Thank you!

http://forums.spybot.info/showthread.php?t=60435

Update: Did a Full system Malware Bytes scan, and found 40 new things, but it crashed mid way through quarantining.



Please help! I'm really worried that the KillSec thing might have taken some information or something..

I have had past problems before
Details in this thread
http://forums.spybot.info/showthread.php?t=60463

And I thought I fixed it (I quarantined and such, and then deleted the registry keys that were connected to the viruses),

but today, when I woke up, I booted up my computer and tried to go on the Internet; however, nothing will load. When I try to type in a website, it just refreshes the page, no error page comes up, and it does not load. And when I try to connect to a VoIP server, it says "Contacting server", indicating that there's no internet connection; however, on my bottom right, it says that I am connected to the internet!

I have tried rebooting, tried multiple websites, and rebooting my router; however, it still does not work.

I have scanned with Malwarebytes and Spybot a lot of times.

Spybot: nothing.

Malwarebytes: a new file/registry key/program gets infected every time I scan.

And avast blocked this thing (I did not get enough time to read) that said insertipaddresshere.exe
There was actually an IP address there though, by the way, I just don't remember it.

And it was in one of my Windows folder..

So yeah, now I don't have connection to the internet, and I'm afraid that the virus just tried connecting itself to another server to steal information or something.

I'm posting on another computer on the same network by the way so it's only that infected one that is not working.

(Ipod, 2 other desktops and 1 laptop relying on same connection, IS working.)

I cannot post the log.. well, since I'm on a different computer than the one that is actually infected..

PLEASE HELP!!
============================

The Waiting Room (http://forums.spybot.info/forumdisplay.php?f=37) "If you have waited four days or longer for assistance, please start a topic in this sub-forum and post with a link back to your topic in the Malware forum, so that we know who you are"
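A way to triage the autorun lines of a DDS log like the one in the post above, added here as an example (it is not part of the thread and is not DDS, Spybot or OTL code). The rule names, the list of system binary names and the helper functions are assumptions chosen for illustration; the sample lines are copied from the log above.

```python
import ntpath
import re

# Sample input: a subset of the autorun lines from the DDS log posted above.
SAMPLE_LOG = r"""
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [AdobeBridge]
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
dRun: [MqmPeQ] C:\Windows\TEMP\dju8q5m.exe
dRun: [uPc+kt0Nfv_aXms] rundll32.exe C:\Windows\system32\o9xjmpu72g.dll, SystemServer
dRun: [MqmPsd] C:\Windows\TEMP\taskmgr.exe
dRun: [MqqZ] C:\Windows\cmd.exe
dRun: [MqmPsf] C:\Windows\TEMP\lsass.exe
dRunOnce: [9C30] "C:\Windows\system32\config\systemprofile\AppData\Local\790575.exe" 0 41
"""

# "<prefix>Run[Once][-x64]: [value name] command line"; the value name is optional.
ENTRY_RE = re.compile(
    r"^(?P<key>[umd]Run(?:Once)?(?:-x64)?):\s*(?:\[(?P<name>[^\]]*)\]\s*)?(?P<cmd>.*)$"
)
# First token of a command line: a quoted path, or an unquoted path (which may
# contain spaces) that ends in an executable extension.
IMAGE_RE = re.compile(
    r'^\s*(?:"([^"]+)"|(.*?\.(?:exe|dll|scr|com|bat|cmd))(?=[\s,]|$))(.*)$', re.I
)
# Names of Windows binaries that normally live only in System32/SysWOW64
# (illustrative list, not exhaustive).
SYSTEM_NAMES = {"taskmgr.exe", "lsass.exe", "smss.exe", "cmd.exe",
                "svchost.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\(?:system32|syswow64)$")


def split_image(cmd):
    """Return (image path, remaining arguments) for a command line."""
    m = IMAGE_RE.match(cmd)
    if not m:
        return "", ""
    return (m.group(1) or m.group(2)), m.group(3)


def resolve_target(cmd):
    """Return (file that actually runs, launched_via_rundll32)."""
    image, rest = split_image(cmd)
    if ntpath.basename(image).lower() == "rundll32.exe":
        dll, _ = split_image(rest)
        return (dll or image), bool(dll)
    return image, False


def reasons_for(target, via_rundll32):
    """Apply the heuristic rules to one resolved autorun target."""
    low = target.lower()
    reasons = []
    if "temp" in low.split("\\")[:-1]:
        reasons.append("temp-dir")               # autorun points into a temp folder
    if (ntpath.basename(low) in SYSTEM_NAMES
            and not SYSTEM_DIR_RE.match(ntpath.dirname(low))):
        reasons.append("system-name-wrong-dir")  # system binary name, wrong folder
    if "\\config\\systemprofile\\" in low:
        reasons.append("system-profile")         # runs from the SYSTEM account profile
    if via_rundll32:
        reasons.append("rundll32-dll")           # legitimate software does this too: review the DLL
    return reasons


def triage(log_text):
    """Return [(key, value name, target, reasons)] for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or not m.group("cmd"):
            continue  # not an autorun line, or an entry with no command
        target, via_rundll32 = resolve_target(m.group("cmd"))
        reasons = reasons_for(target, via_rundll32)
        if reasons:
            findings.append((m.group("key"), m.group("name") or "", target, reasons))
    return findings


if __name__ == "__main__":
    for key, name, target, reasons in triage(SAMPLE_LOG):
        print(f"{key:9} [{name}] {target} -> {', '.join(reasons)}")
```

A hit is a prompt to inspect the file, not a verdict; entries that match no rule are not thereby shown to be clean.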

Blade81
2010-11-21, 16:14
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent
Frostwire


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go and uninstall the programs listed above (in red).


After that:


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
When the window appears, underneath Output at the top, change it to Minimal Output.
Copy-paste the following contents into the custom scan area:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

frequencyyy
2010-11-21, 19:09
Hello, thank you so much for replying!
I will uninstall those, but I hope this will still work if I download OTL and all the following programs onto a flash drive on another computer, and then transfer it to the infected computer while it's in safe mode (w/o networking).

Because today when I turned on the computer, Norton gave me a message saying:
"It seems like your computer is trying to connect to somewhere we do not recognize, perhaps you have moved to a new location, or you are at a friend's house. Would you like to allow this connection?| IP: 192.168.1.1 , Mask: 255.255.0.0" and won't let me get on the internet.

frequencyyy
2010-11-21, 19:38
I uninstalled uTorrent and FrostWire after the scan, so if it shows up, my apologies.

Alright, the OTL scan was done in Safe Mode, the logs were put on a flash drive, and I'm posting from a clean computer.

Log:

OTL logfile created on: 11/21/2010 1:27:16 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 88.00% Memory free
10.00 Gb Paging File | 10.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 102.63 Gb Free Space | 22.75% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.34 Gb Free Space | 50.11% Space Free | Partition Type: NTFS
Drive E: | 7.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 3.81 Gb Total Space | 3.81 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\OTL.exe (OldTimer Tools)


========== Modules (SafeList) ==========

MOD - C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.ijji.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "/=45:A"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://element.searchpluswin.com/?cmd=home"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.1.0.12
FF - prefs.js..extensions.enabledItems: {74714d77-1695-4e73-a98e-25cb374f46b4}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {e9ddc636-f9b4-43db-9795-fba05b2d0e22}:3.1.0.12
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.2.14
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..keyword.URL: "http://yandex.ru/yandsearch?clid=123045&text="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/03 21:39:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/03 21:39:35 | 000,000,000 | ---D | M]

[2009/03/18 18:10:03 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2010/11/20 23:12:20 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions
[2010/02/09 20:49:54 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/08/15 20:13:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/25 23:40:19 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/03/18 16:01:38 | 000,000,000 | ---D | M] (iPhone OS 3 Toolbar) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}
[2010/08/15 20:13:02 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/07/21 14:19:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/09/25 00:58:42 | 000,000,000 | ---D | M] (Murder Toys Community Toolbar) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\{e9ddc636-f9b4-43db-9795-fba05b2d0e22}
[2010/09/25 00:58:42 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\engine@conduit.com
[2010/07/18 02:05:58 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\nr9r54fv.default\extensions\youtube2mp3@mondayx.de
[2009/10/18 18:30:23 | 000,004,284 | ---- | M] () -- C:\Users\James\AppData\Roaming\Mozilla\FireFox\Profiles\nr9r54fv.default\searchplugins\amlkb2da.xml
[2009/04/06 17:45:38 | 000,000,682 | ---- | M] () -- C:\Users\James\AppData\Roaming\Mozilla\FireFox\Profiles\nr9r54fv.default\searchplugins\ask.xml
[2009/11/07 19:42:50 | 000,002,163 | ---- | M] () -- C:\Users\James\AppData\Roaming\Mozilla\FireFox\Profiles\nr9r54fv.default\searchplugins\bing.xml
[2009/12/23 18:59:08 | 000,000,917 | ---- | M] () -- C:\Users\James\AppData\Roaming\Mozilla\FireFox\Profiles\nr9r54fv.default\searchplugins\conduit.xml
[2010/11/18 17:08:05 | 000,001,700 | ---- | M] () -- C:\Users\James\AppData\Roaming\Mozilla\FireFox\Profiles\nr9r54fv.default\searchplugins\element.xml
[2010/11/18 17:08:06 | 000,001,540 | ---- | M] () -- C:\Users\James\AppData\Roaming\Mozilla\FireFox\Profiles\nr9r54fv.default\searchplugins\swagbuckscom.xml
[2010/02/09 20:50:07 | 000,001,196 | ---- | M] () -- C:\Users\James\AppData\Roaming\Mozilla\FireFox\Profiles\nr9r54fv.default\searchplugins\winamp-search.xml
[2010/11/20 23:12:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/10 23:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\CCMSDK.dll
[2010/03/10 23:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\CgpCore.dll
[2010/03/10 23:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\confmgr.dll
[2010/03/10 23:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\ctxlogging.dll
[2010/03/10 23:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
[2009/07/02 23:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/02/26 19:20:44 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/03/10 23:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\TcpPServ.dll
[2010/10/24 06:51:58 | 000,002,074 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google_search.xml
[2010/11/08 06:17:56 | 000,002,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2010/04/30 13:56:09 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2:64bit: - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files (x86)\McAfee\MSK\mcapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (C:\Windows\SysWow64\xsl3g.dll) - {B1BA20C1-A503-59BD-F412-03B53A2C8951} - C:\Windows\SysWOW64\xsl3g.dll ()
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4 - HKLM..\Run: [Lvddhfngmve] C:\Users\James\AppData\Local\Temp\hexdump.exe ()
O4 - HKLM..\Run: [Lvddhfngotd] C:\Users\James\AppData\Local\Temp\install.exe ()
O4 - HKLM..\Run: [Lvddhfngpb] C:\Users\James\AppData\Local\Temp\login.exe ()
O4 - HKLM..\Run: [Lvddhfngpta] C:\Users\James\AppData\Local\Temp\services.exe ()
O4 - HKLM..\Run: [LvddhfngrA] C:\Users\James\AppData\Local\Temp\win16.exe ()
O4 - HKLM..\Run: [Lvddhfngrsc] C:\Users\James\AppData\Local\Temp\winlogon.exe ()
O4 - HKLM..\Run: [LvddhfngsfP] C:\Users\James\AppData\Local\Temp\nvsvc32.exe ()
O4 - HKLM..\Run: [Lvddhfngta] C:\Users\James\AppData\Local\Temp\user.exe ()
O4 - HKLM..\Run: [Mquxe] C:\Windows\system [2006/11/02 07:39:29 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [Mqva] C:\Windows\win.exe ()
O4 - HKCU..\Run: [Lvddhfngmve] C:\Users\James\AppData\Local\Temp\hexdump.exe ()
O4 - HKCU..\Run: [Lvddhfngotd] C:\Users\James\AppData\Local\Temp\install.exe ()
O4 - HKCU..\Run: [Lvddhfngpb] C:\Users\James\AppData\Local\Temp\login.exe ()
O4 - HKCU..\Run: [Lvddhfngpta] C:\Users\James\AppData\Local\Temp\services.exe ()
O4 - HKCU..\Run: [LvddhfngrA] C:\Users\James\AppData\Local\Temp\win16.exe ()
O4 - HKCU..\Run: [Lvddhfngrsc] C:\Users\James\AppData\Local\Temp\winlogon.exe ()
O4 - HKCU..\Run: [LvddhfngsfP] C:\Users\James\AppData\Local\Temp\nvsvc32.exe ()
O4 - HKCU..\Run: [Lvddhfngta] C:\Users\James\AppData\Local\Temp\user.exe ()
O4 - HKCU..\Run: [Mquxe] C:\Windows\system [2006/11/02 07:39:29 | 000,000,000 | ---D | M]
O4 - HKCU..\Run: [Mqva] C:\Windows\win.exe ()
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\lsp5E7E.dll ()
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4944924A-64E4-49C1-AC97-ABA3927262FE} http://channel.dontblynk.com/Launcher/StWbUsa.CAB (StWbUsa Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O22 - SharedTaskScheduler: {B1BA20C1-A503-59BD-F412-03B53A2C8951} - uawhr987ry38w7rhawuig673fef - C:\Windows\SysWOW64\xsl3g.dll ()
O24 - Desktop WallPaper: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/23 14:32:44 | 000,000,133 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{057b703b-0fbd-11de-97a3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{057b703b-0fbd-11de-97a3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2010/09/17 22:01:31 | 000,349,520 | R--- | M] (Valve Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: FastUserSwitchingCompatibility - C:\Windows\SysNative\FastUv32.dll File not found
NetSvcs: FastUserSwitchingCompatibility - C:\Windows\SysWOW64\FastUv32.dll ()

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll ()
Drivers32:64bit: vidc.i420 - lvcod64.dll ()
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Program Files (x86)\GameHi_USA\SuddenAttackNA\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/11/21 13:21:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\OTL.exe
[2010/11/21 00:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/11/17 21:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2010/11/17 15:31:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/17 15:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/11/16 16:12:33 | 000,220,672 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\SysWow64\mspnp2a3f.exe
[2010/11/16 16:12:11 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/11/16 16:12:09 | 000,220,672 | -H-- | C] (Корпорация Майкрософт) -- C:\Windows\SysWow64\mspnpd7f.exe
[2010/11/16 16:11:49 | 000,220,672 | -H-- | C] (Корпорация Майкрософт) -- C:\Windows\SysWow64\mspnpd8f.exe
[2010/11/16 16:11:41 | 000,220,672 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\SysWow64\mspnp297f.exe
[2010/11/16 16:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\WSTB
[2010/11/15 18:53:37 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Logitech
[2010/11/15 18:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2010/11/15 18:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/11/14 11:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\kKjIc02097
[2010/11/13 01:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010/11/13 01:46:00 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010/11/13 01:45:57 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2010/11/13 01:45:56 | 000,536,576 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2010/11/13 01:45:55 | 003,460,096 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2010/11/13 01:45:55 | 000,030,720 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2010/11/13 01:45:54 | 000,028,672 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2010/11/13 01:45:49 | 003,953,152 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2010/11/13 01:45:45 | 004,407,808 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2010/11/13 01:45:44 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2010/11/13 01:45:40 | 000,019,968 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2010/11/13 01:45:39 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2010/11/13 01:45:38 | 004,077,568 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2010/11/13 01:45:36 | 000,241,664 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2010/11/13 01:45:35 | 016,201,728 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2010/11/13 01:45:35 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010/11/13 01:45:35 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2010/11/13 01:45:35 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2010/11/13 01:45:34 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010/11/09 16:12:08 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Activision
[2010/11/09 15:53:09 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010/11/09 15:53:09 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010/11/09 15:53:07 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010/11/09 15:53:06 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010/11/09 15:53:02 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010/11/09 15:53:00 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010/11/09 15:52:58 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010/11/09 15:52:56 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010/11/09 15:52:51 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/11/09 15:52:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/11/09 15:52:49 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/11/09 15:52:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/11/09 15:52:45 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/11/09 15:52:44 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010/11/09 15:52:41 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/11/09 15:52:38 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010/11/09 15:52:36 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/11/09 15:52:35 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/09 15:52:30 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010/11/09 15:52:30 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010/11/09 15:52:26 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010/11/09 15:52:24 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010/11/09 15:52:24 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/11/09 15:52:22 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010/11/09 15:52:19 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010/11/09 15:52:16 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/11/09 15:52:16 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/11/09 15:52:12 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/11/09 15:52:09 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010/11/09 15:52:09 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010/11/09 15:52:07 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010/11/09 15:52:05 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010/11/09 15:52:02 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/11/09 15:52:02 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/11/09 15:52:00 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/11/09 15:51:57 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/11/09 15:51:57 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/11/09 15:51:54 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/11/09 15:51:51 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010/11/09 15:51:51 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010/11/09 15:51:49 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010/11/09 15:51:47 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010/11/09 15:51:43 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010/11/09 15:51:43 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010/11/09 15:51:39 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010/11/09 15:51:37 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010/11/09 15:51:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010/11/09 15:51:33 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010/11/09 15:51:30 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010/11/09 15:51:30 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010/11/09 15:51:27 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010/11/09 15:51:24 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010/11/09 15:51:18 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010/11/09 15:51:18 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010/11/09 15:51:11 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010/11/09 15:51:06 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010/11/09 15:51:01 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010/11/09 15:51:01 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010/11/09 15:50:54 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/11/09 15:50:51 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010/11/09 15:50:51 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010/11/09 15:50:48 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010/11/09 15:50:48 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010/11/09 15:50:45 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/11/09 15:50:44 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/11/09 15:50:41 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010/11/09 15:50:38 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010/11/09 15:50:38 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010/11/09 15:50:35 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/11/09 15:50:32 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010/11/09 15:50:29 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010/11/09 15:50:27 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010/11/09 15:50:22 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010/11/09 15:50:22 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010/11/09 15:50:17 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010/11/09 15:50:15 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010/11/09 15:50:11 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010/11/09 15:50:09 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010/11/09 15:50:06 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010/11/09 15:49:52 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/11/09 15:49:49 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010/11/09 15:49:49 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010/11/09 15:49:46 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010/11/09 15:49:42 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010/11/09 15:49:39 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010/11/09 15:49:36 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010/11/09 15:49:33 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010/11/09 15:49:30 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010/11/07 16:16:42 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/11/07 16:11:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Knoll Light Factory
[2010/11/04 19:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2010/11/04 19:10:10 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\TrackMania
[2010/11/04 02:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2010/10/28 18:41:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/10/28 18:41:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/10/28 18:33:52 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Malwarebytes
[2010/10/28 18:33:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/28 18:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/28 18:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/28 15:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/10/28 15:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/28 15:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/28 15:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/28 14:40:17 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{42987DD0-7F6F-453F-B76A-BD72071959E2}
[2010/10/28 14:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash
[2010/10/23 17:08:30 | 000,000,000 | ---D | C] -- C:\Twixtor5AEManual
[2010/10/23 17:08:15 | 000,000,000 | ---D | C] -- C:\Twixtor5AE
[2010/10/23 17:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/21 13:26:28 | 000,755,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/21 13:26:28 | 000,639,156 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/21 13:26:28 | 000,117,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/21 13:19:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/21 13:13:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\OTL.exe
[2010/11/21 12:59:25 | 000,002,282 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/11/21 12:58:59 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/11/21 12:57:10 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/21 12:57:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/21 12:57:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/21 12:56:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/11/21 03:12:20 | 000,036,356 | -H-- | M] () -- C:\Windows\system.exe
[2010/11/21 03:12:10 | 000,036,356 | -H-- | M] () -- C:\Windows\win.exe
[2010/11/21 02:54:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/21 02:40:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2350392256-723068568-1841391928-1000UA.job
[2010/11/21 02:33:31 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\GenesisAD.lnk
[2010/11/21 02:02:32 | 000,364,032 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\rkill.com
[2010/11/17 20:40:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2350392256-723068568-1841391928-1000Core.job
[2010/11/17 16:17:30 | 000,005,797 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\attach.zip.zip
[2010/11/17 15:30:25 | 000,000,945 | ---- | M] () -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk.disabled
[2010/11/17 15:25:28 | 000,053,248 | ---- | M] () -- C:\Windows\SysWow64\FastUv32.dll
[2010/11/16 21:29:08 | 000,000,249 | ---- | M] () -- C:\Windows\wininit.ini
[2010/11/16 16:12:46 | 000,036,356 | -H-- | M] () -- C:\Windows\drweb.exe
[2010/11/16 16:12:33 | 000,220,672 | ---- | M] (Корпорация Майкрософт) -- C:\Windows\SysWow64\mspnp2a3f.exe
[2010/11/16 16:12:30 | 000,036,356 | -H-- | M] () -- C:\Windows\winamp.exe
[2010/11/16 16:12:17 | 000,030,000 | ---- | M] () -- C:\Windows\SysWow64\uznec0.dll
[2010/11/16 16:12:09 | 000,220,672 | -H-- | M] (Корпорация Майкрософт) -- C:\Windows\SysWow64\mspnpd7f.exe
[2010/11/16 16:11:56 | 000,030,000 | ---- | M] () -- C:\Windows\SysWow64\k0134b1yc.dll
[2010/11/16 16:11:49 | 000,220,672 | -H-- | M] (Корпорация Майкрософт) -- C:\Windows\SysWow64\mspnpd8f.exe
[2010/11/16 16:11:41 | 000,220,672 | ---- | M] (Корпорация Майкрософт) -- C:\Windows\SysWow64\mspnp297f.exe
[2010/11/16 16:11:31 | 000,030,000 | ---- | M] () -- C:\Windows\SysWow64\xsl3g.dll
[2010/11/15 23:59:55 | 000,004,540 | ---- | M] () -- C:\Users\James\AppData\Roaming\wklnhst.dat
[2010/11/15 23:56:55 | 000,034,816 | ---- | M] () -- C:\Users\James\Documents\columbus.wps
[2010/11/15 18:53:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2010/11/15 18:53:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2010/11/14 11:42:00 | 000,047,490 | ---- | M] () -- C:\Windows\SysWow64\lsp5E7E.dll
[2010/11/14 11:42:00 | 000,000,004 | -H-- | M] () -- C:\Windows\SysWow64\iexplore.sy_
[2010/11/14 03:28:23 | 000,008,864 | ---- | M] () -- C:\Users\James\AppData\Local\d3d9caps.dat
[2010/11/13 01:46:00 | 000,118,784 | ---- | M] () -- C:\Windows\SysNative\atibtmon.exe
[2010/11/13 01:46:00 | 000,051,200 | ---- | M] () -- C:\Windows\SysNative\ATIODCLI.exe
[2010/11/13 01:46:00 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010/11/13 01:45:59 | 000,628,224 | ---- | M] () -- C:\Windows\SysNative\aticfx64.dll
[2010/11/13 01:45:59 | 000,462,336 | ---- | M] () -- C:\Windows\SysNative\atieclxx.exe
[2010/11/13 01:45:59 | 000,332,800 | ---- | M] () -- C:\Windows\SysNative\ATIODE.exe
[2010/11/13 01:45:59 | 000,058,880 | ---- | M] () -- C:\Windows\SysNative\coinst.dll
[2010/11/13 01:45:59 | 000,053,760 | ---- | M] () -- C:\Windows\SysNative\atimpc64.dll
[2010/11/13 01:45:59 | 000,053,760 | ---- | M] () -- C:\Windows\SysNative\amdpcom64.dll
[2010/11/13 01:45:58 | 000,450,560 | ---- | M] () -- C:\Windows\SysNative\ATIDEMGX.dll
[2010/11/13 01:45:58 | 000,014,848 | ---- | M] () -- C:\Windows\SysNative\atig6pxx.dll
[2010/11/13 01:45:58 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2010/11/13 01:45:58 | 000,012,800 | ---- | M] () -- C:\Windows\SysNative\atiglpxx.dll
[2010/11/13 01:45:57 | 003,460,096 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2010/11/13 01:45:57 | 000,002,857 | ---- | M] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/13 01:45:57 | 000,002,857 | ---- | M] () -- C:\Windows\SysNative\atipblag.dat
[2010/11/13 01:45:56 | 003,222,016 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.dll
[2010/11/13 01:45:56 | 000,536,576 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2010/11/13 01:45:56 | 000,030,720 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2010/11/13 01:45:56 | 000,021,504 | ---- | M] () -- C:\Windows\SysNative\atig6txx.dll
[2010/11/13 01:45:56 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\atimuixx.dll
[2010/11/13 01:45:54 | 000,285,696 | ---- | M] () -- C:\Windows\SysNative\drivers\atikmpag.sys
[2010/11/13 01:45:54 | 000,114,704 | ---- | M] () -- C:\Windows\SysNative\drivers\AtihdLH6.sys
[2010/11/13 01:45:54 | 000,028,672 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2010/11/13 01:45:53 | 007,883,264 | ---- | M] () -- C:\Windows\SysNative\drivers\atikmdag.sys
[2010/11/13 01:45:53 | 000,614,400 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/11/13 01:45:53 | 000,224,342 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
[2010/11/13 01:45:52 | 000,614,400 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/11/13 01:45:51 | 003,953,152 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2010/11/13 01:45:49 | 005,470,720 | ---- | M] () -- C:\Windows\SysNative\aticaldd64.dll
[2010/11/13 01:45:49 | 004,407,808 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2010/11/13 01:45:48 | 021,344,256 | ---- | M] () -- C:\Windows\SysNative\atio6axx.dll
[2010/11/13 01:45:45 | 005,240,832 | ---- | M] () -- C:\Windows\SysNative\atiumd64.dll
[2010/11/13 01:45:45 | 000,340,480 | ---- | M] () -- C:\Windows\SysNative\atiadlxx.dll
[2010/11/13 01:45:45 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2010/11/13 01:45:44 | 016,201,728 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2010/11/13 01:45:44 | 000,120,320 | ---- | M] () -- C:\Windows\SysNative\atitmm64.dll
[2010/11/13 01:45:43 | 000,078,848 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/11/13 01:45:42 | 004,077,568 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2010/11/13 01:45:41 | 000,019,968 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2010/11/13 01:45:40 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2010/11/13 01:45:39 | 000,044,544 | ---- | M] () -- C:\Windows\SysNative\aticalcl64.dll
[2010/11/13 01:45:37 | 000,241,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2010/11/13 01:45:36 | 000,059,392 | ---- | M] () -- C:\Windows\SysNative\atiedu64.dll
[2010/11/13 01:45:36 | 000,037,888 | ---- | M] () -- C:\Windows\SysNative\atiu9p64.dll
[2010/11/13 01:45:35 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010/11/13 01:45:35 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2010/11/13 01:45:35 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2010/11/13 01:45:35 | 000,051,200 | ---- | M] () -- C:\Windows\SysNative\aticalrt64.dll
[2010/11/13 01:45:34 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010/11/13 01:45:34 | 000,203,264 | ---- | M] () -- C:\Windows\SysNative\atiesrxx.exe
[2010/11/13 01:45:34 | 000,039,936 | ---- | M] () -- C:\Windows\SysNative\atiuxp64.dll
[2010/11/13 01:45:33 | 004,660,224 | ---- | M] () -- C:\Windows\SysNative\atidxx64.dll
[2010/11/13 01:45:33 | 000,421,376 | ---- | M] () -- C:\Windows\SysNative\atipdl64.dll
[2010/11/13 01:45:33 | 000,143,360 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.exe
[2010/11/13 01:45:33 | 000,053,248 | ---- | M] () -- C:\Windows\SysNative\drivers\ati2erec.dll
[2010/11/13 01:45:33 | 000,022,190 | ---- | M] () -- C:\Windows\atiogl.xml
[2010/11/13 01:45:32 | 000,026,112 | ---- | M] () -- C:\Windows\SysNative\atitmp64.dll
[2010/11/11 20:41:11 | 000,000,187 | ---- | M] () -- C:\Users\Public\Desktop\ijji.url
[2010/11/11 20:41:05 | 000,001,922 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\ijji REACTOR.lnk
[2010/11/11 20:41:03 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010/11/09 16:09:44 | 000,000,221 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Call of Duty Black Ops.url
[2010/11/09 16:09:44 | 000,000,221 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Call of Duty Black Ops - Multiplayer.url
[2010/11/08 07:04:38 | 000,022,016 | ---- | M] () -- C:\Users\James\Documents\MARTIAN CHRONICLES.wps
[2010/11/05 22:41:46 | 000,002,086 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Google Chrome.lnk
[2010/11/05 22:41:46 | 000,002,006 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/05 13:54:20 | 000,000,221 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\America's Army 3.url
[2010/11/04 17:32:15 | 000,000,221 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\TrackMania Nations Forever.url
[2010/11/04 17:31:28 | 000,000,187 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Spacewar.url
[2010/11/04 17:29:20 | 000,000,218 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Codename Gordon.url
[2010/11/04 17:28:46 | 000,000,221 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\BattleForge Demo.url
[2010/11/04 17:26:17 | 000,000,219 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Alien Swarm.url
[2010/11/04 14:46:11 | 000,000,219 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Counter-Strike Source.url
[2010/11/04 14:46:11 | 000,000,219 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Counter-Strike Source Beta.url
[2010/11/02 22:58:45 | 000,000,219 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Half-Life 2 Lost Coast.url
[2010/11/02 22:58:45 | 000,000,219 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Half-Life 2 Deathmatch.url
[2010/11/01 22:23:09 | 003,224,576 | ---- | M] () -- C:\Users\James\Documents\u.wps
[2010/10/28 22:45:50 | 000,035,840 | ---- | M] () -- C:\Users\James\Documents\RESARCH.wps
[2010/10/28 19:56:45 | 000,000,219 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Left 4 Dead.url
[2010/10/28 19:56:45 | 000,000,219 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Left 4 Dead 2.url
[2010/10/28 18:45:22 | 000,001,123 | ---- | M] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Spybot - Search & Destroy.lnk
[2010/10/28 18:33:27 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/28 18:01:38 | 000,009,028 | ---- | M] () -- C:\Users\James\AppData\Local\d3d9caps64.dat
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

frequencyyy
2010-11-21, 19:39
========== Files Created - No Company Name ==========

[2010/11/21 03:12:20 | 000,036,356 | -H-- | C] () -- C:\Windows\system.exe
[2010/11/21 03:12:10 | 000,036,356 | -H-- | C] () -- C:\Windows\win.exe
[2010/11/21 02:02:29 | 000,364,032 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\rkill.com
[2010/11/17 21:46:36 | 000,336,516 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistMSI0B37.txt
[2010/11/17 21:46:29 | 000,014,166 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistUI0B37.txt
[2010/11/17 16:17:30 | 000,005,797 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\attach.zip.zip
[2010/11/17 15:30:25 | 000,000,945 | ---- | C] () -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk.disabled
[2010/11/17 15:25:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FastUv32.dll
[2010/11/16 21:29:06 | 000,000,249 | ---- | C] () -- C:\Windows\wininit.ini
[2010/11/16 16:12:46 | 000,036,356 | -H-- | C] () -- C:\Windows\drweb.exe
[2010/11/16 16:12:29 | 000,036,356 | -H-- | C] () -- C:\Windows\winamp.exe
[2010/11/16 16:12:17 | 000,030,000 | ---- | C] () -- C:\Windows\SysWow64\uznec0.dll
[2010/11/16 16:11:56 | 000,030,000 | ---- | C] () -- C:\Windows\SysWow64\k0134b1yc.dll
[2010/11/16 16:11:31 | 000,030,000 | ---- | C] () -- C:\Windows\SysWow64\xsl3g.dll
[2010/11/15 18:53:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2010/11/15 18:53:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2010/11/14 23:02:18 | 000,034,816 | ---- | C] () -- C:\Users\James\Documents\columbus.wps
[2010/11/14 11:42:00 | 000,047,490 | ---- | C] () -- C:\Windows\SysWow64\lsp5E7E.dll
[2010/11/14 11:42:00 | 000,000,004 | -H-- | C] () -- C:\Windows\SysWow64\iexplore.sy_
[2010/11/13 01:46:00 | 000,118,784 | ---- | C] () -- C:\Windows\SysNative\atibtmon.exe
[2010/11/13 01:46:00 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\ATIODCLI.exe
[2010/11/13 01:45:59 | 000,628,224 | ---- | C] () -- C:\Windows\SysNative\aticfx64.dll
[2010/11/13 01:45:59 | 000,058,880 | ---- | C] () -- C:\Windows\SysNative\coinst.dll
[2010/11/13 01:45:58 | 000,462,336 | ---- | C] () -- C:\Windows\SysNative\atieclxx.exe
[2010/11/13 01:45:58 | 000,332,800 | ---- | C] () -- C:\Windows\SysNative\ATIODE.exe
[2010/11/13 01:45:58 | 000,053,760 | ---- | C] () -- C:\Windows\SysNative\atimpc64.dll
[2010/11/13 01:45:58 | 000,053,760 | ---- | C] () -- C:\Windows\SysNative\amdpcom64.dll
[2010/11/13 01:45:57 | 000,450,560 | ---- | C] () -- C:\Windows\SysNative\ATIDEMGX.dll
[2010/11/13 01:45:57 | 000,014,848 | ---- | C] () -- C:\Windows\SysNative\atig6pxx.dll
[2010/11/13 01:45:57 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\atiglpxx.dll
[2010/11/13 01:45:57 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/13 01:45:57 | 000,002,857 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2010/11/13 01:45:56 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\atig6txx.dll
[2010/11/13 01:45:55 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\atimuixx.dll
[2010/11/13 01:45:54 | 003,222,016 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.dll
[2010/11/13 01:45:54 | 000,285,696 | ---- | C] () -- C:\Windows\SysNative\drivers\atikmpag.sys
[2010/11/13 01:45:53 | 000,114,704 | ---- | C] () -- C:\Windows\SysNative\drivers\AtihdLH6.sys
[2010/11/13 01:45:52 | 000,614,400 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/11/13 01:45:52 | 000,224,342 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2010/11/13 01:45:51 | 000,614,400 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/11/13 01:45:45 | 007,883,264 | ---- | C] () -- C:\Windows\SysNative\drivers\atikmdag.sys
[2010/11/13 01:45:45 | 005,470,720 | ---- | C] () -- C:\Windows\SysNative\aticaldd64.dll
[2010/11/13 01:45:44 | 000,340,480 | ---- | C] () -- C:\Windows\SysNative\atiadlxx.dll
[2010/11/13 01:45:43 | 000,078,848 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/11/13 01:45:38 | 000,044,544 | ---- | C] () -- C:\Windows\SysNative\aticalcl64.dll
[2010/11/13 01:45:36 | 021,344,256 | ---- | C] () -- C:\Windows\SysNative\atio6axx.dll
[2010/11/13 01:45:36 | 000,037,888 | ---- | C] () -- C:\Windows\SysNative\atiu9p64.dll
[2010/11/13 01:45:35 | 000,059,392 | ---- | C] () -- C:\Windows\SysNative\atiedu64.dll
[2010/11/13 01:45:34 | 000,203,264 | ---- | C] () -- C:\Windows\SysNative\atiesrxx.exe
[2010/11/13 01:45:34 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\aticalrt64.dll
[2010/11/13 01:45:34 | 000,039,936 | ---- | C] () -- C:\Windows\SysNative\atiuxp64.dll
[2010/11/13 01:45:33 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.exe
[2010/11/13 01:45:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysNative\drivers\ati2erec.dll
[2010/11/13 01:45:33 | 000,022,190 | ---- | C] () -- C:\Windows\atiogl.xml
[2010/11/13 01:45:31 | 004,660,224 | ---- | C] () -- C:\Windows\SysNative\atidxx64.dll
[2010/11/13 01:45:31 | 000,026,112 | ---- | C] () -- C:\Windows\SysNative\atitmp64.dll
[2010/11/11 20:41:42 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\GenesisAD.lnk
[2010/11/11 20:41:11 | 000,000,187 | ---- | C] () -- C:\Users\Public\Desktop\ijji.url
[2010/11/11 20:41:08 | 000,323,128 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistMSI0463.txt
[2010/11/11 20:41:07 | 000,011,174 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistUI0463.txt
[2010/11/11 20:25:20 | 000,322,244 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistMSI784E.txt
[2010/11/11 20:25:20 | 000,011,142 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistUI784E.txt
[2010/11/11 20:22:47 | 000,323,884 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistMSI7654.txt
[2010/11/11 20:22:45 | 000,011,206 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistUI7654.txt
[2010/11/11 20:16:30 | 000,323,890 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistMSI7188.txt
[2010/11/11 20:16:29 | 000,011,206 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistUI7188.txt
[2010/11/09 16:09:44 | 000,000,221 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Call of Duty Black Ops.url
[2010/11/09 16:09:44 | 000,000,221 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Call of Duty Black Ops - Multiplayer.url
[2010/11/09 15:53:09 | 000,518,488 | ---- | C] () -- C:\Windows\SysNative\XAudio2_7.dll
[2010/11/09 15:53:09 | 000,077,656 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010/11/09 15:53:07 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_7.dll
[2010/11/09 15:53:06 | 002,526,056 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010/11/09 15:53:02 | 001,907,552 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_43.dll
[2010/11/09 15:53:00 | 000,276,832 | ---- | C] () -- C:\Windows\SysNative\d3dx11_43.dll
[2010/11/09 15:52:58 | 000,511,328 | ---- | C] () -- C:\Windows\SysNative\d3dx10_43.dll
[2010/11/09 15:52:56 | 002,401,112 | ---- | C] () -- C:\Windows\SysNative\D3DX9_43.dll
[2010/11/09 15:52:51 | 000,530,776 | ---- | C] () -- C:\Windows\SysNative\XAudio2_6.dll
[2010/11/09 15:52:51 | 000,078,680 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/11/09 15:52:49 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_6.dll
[2010/11/09 15:52:48 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/11/09 15:52:45 | 000,517,960 | ---- | C] () -- C:\Windows\SysNative\XAudio2_5.dll
[2010/11/09 15:52:44 | 000,176,968 | ---- | C] () -- C:\Windows\SysNative\xactengine3_5.dll
[2010/11/09 15:52:41 | 002,582,888 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/11/09 15:52:38 | 005,554,512 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/11/09 15:52:36 | 000,285,024 | ---- | C] () -- C:\Windows\SysNative\d3dx11_42.dll
[2010/11/09 15:52:35 | 000,523,088 | ---- | C] () -- C:\Windows\SysNative\d3dx10_42.dll
[2010/11/09 15:52:33 | 002,475,352 | ---- | C] () -- C:\Windows\SysNative\D3DX9_42.dll
[2010/11/09 15:52:30 | 002,430,312 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010/11/09 15:52:30 | 000,520,544 | ---- | C] () -- C:\Windows\SysNative\d3dx10_41.dll
[2010/11/09 15:52:26 | 005,425,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_41.dll
[2010/11/09 15:52:24 | 000,521,560 | ---- | C] () -- C:\Windows\SysNative\XAudio2_4.dll
[2010/11/09 15:52:24 | 000,073,544 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/11/09 15:52:22 | 000,174,936 | ---- | C] () -- C:\Windows\SysNative\xactengine3_4.dll
[2010/11/09 15:52:19 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010/11/09 15:52:16 | 002,605,920 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/11/09 15:52:16 | 000,519,000 | ---- | C] () -- C:\Windows\SysNative\d3dx10_40.dll
[2010/11/09 15:52:12 | 005,631,312 | ---- | C] () -- C:\Windows\SysNative\D3DX9_40.dll
[2010/11/09 15:52:09 | 000,518,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_3.dll
[2010/11/09 15:52:09 | 000,074,576 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010/11/09 15:52:07 | 000,175,440 | ---- | C] () -- C:\Windows\SysNative\xactengine3_3.dll
[2010/11/09 15:52:05 | 000,025,936 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010/11/09 15:52:02 | 000,513,544 | ---- | C] () -- C:\Windows\SysNative\XAudio2_2.dll
[2010/11/09 15:52:02 | 000,072,200 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/11/09 15:52:00 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_2.dll
[2010/11/09 15:51:57 | 001,942,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/11/09 15:51:57 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_39.dll
[2010/11/09 15:51:54 | 004,992,520 | ---- | C] () -- C:\Windows\SysNative\D3DX9_39.dll
[2010/11/09 15:51:51 | 000,511,496 | ---- | C] () -- C:\Windows\SysNative\XAudio2_1.dll
[2010/11/09 15:51:51 | 000,068,104 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010/11/09 15:51:49 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_1.dll
[2010/11/09 15:51:47 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010/11/09 15:51:43 | 001,941,528 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010/11/09 15:51:43 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_38.dll
[2010/11/09 15:51:39 | 004,991,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_38.dll
[2010/11/09 15:51:37 | 000,489,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_0.dll
[2010/11/09 15:51:35 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_0.dll
[2010/11/09 15:51:33 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010/11/09 15:51:30 | 001,860,120 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010/11/09 15:51:30 | 000,529,424 | ---- | C] () -- C:\Windows\SysNative\d3dx10_37.dll
[2010/11/09 15:51:27 | 004,910,088 | ---- | C] () -- C:\Windows\SysNative\D3DX9_37.dll
[2010/11/09 15:51:24 | 000,411,656 | ---- | C] () -- C:\Windows\SysNative\xactengine2_10.dll
[2010/11/09 15:51:18 | 002,006,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010/11/09 15:51:18 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_36.dll
[2010/11/09 15:51:11 | 005,081,608 | ---- | C] () -- C:\Windows\SysNative\d3dx9_36.dll
[2010/11/09 15:51:06 | 000,411,496 | ---- | C] () -- C:\Windows\SysNative\xactengine2_9.dll
[2010/11/09 15:51:01 | 001,985,904 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/11/09 15:51:01 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_35.dll
[2010/11/09 15:50:54 | 005,073,256 | ---- | C] () -- C:\Windows\SysNative\d3dx9_35.dll
[2010/11/09 15:50:51 | 000,409,960 | ---- | C] () -- C:\Windows\SysNative\xactengine2_8.dll
[2010/11/09 15:50:51 | 000,021,000 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010/11/09 15:50:48 | 001,401,200 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/11/09 15:50:48 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_34.dll
[2010/11/09 15:50:45 | 004,496,232 | ---- | C] () -- C:\Windows\SysNative\d3dx9_34.dll
[2010/11/09 15:50:44 | 000,107,368 | ---- | C] () -- C:\Windows\SysNative\xinput1_3.dll
[2010/11/09 15:50:41 | 000,403,304 | ---- | C] () -- C:\Windows\SysNative\xactengine2_7.dll
[2010/11/09 15:50:38 | 001,400,176 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/11/09 15:50:38 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_33.dll
[2010/11/09 15:50:35 | 004,494,184 | ---- | C] () -- C:\Windows\SysNative\d3dx9_33.dll
[2010/11/09 15:50:32 | 000,393,576 | ---- | C] () -- C:\Windows\SysNative\xactengine2_6.dll
[2010/11/09 15:50:29 | 000,390,424 | ---- | C] () -- C:\Windows\SysNative\xactengine2_5.dll
[2010/11/09 15:50:27 | 000,469,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10.dll
[2010/11/09 15:50:22 | 000,364,824 | ---- | C] () -- C:\Windows\SysNative\xactengine2_4.dll
[2010/11/09 15:50:22 | 000,017,688 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/11/09 15:50:19 | 003,977,496 | ---- | C] () -- C:\Windows\SysNative\d3dx9_31.dll
[2010/11/09 15:50:17 | 000,363,288 | ---- | C] () -- C:\Windows\SysNative\xactengine2_3.dll
[2010/11/09 15:50:15 | 000,083,736 | ---- | C] () -- C:\Windows\SysNative\xinput1_2.dll
[2010/11/09 15:50:11 | 000,354,072 | ---- | C] () -- C:\Windows\SysNative\xactengine2_2.dll
[2010/11/09 15:50:09 | 000,083,664 | ---- | C] () -- C:\Windows\SysNative\xinput1_1.dll
[2010/11/09 15:50:06 | 000,352,464 | ---- | C] () -- C:\Windows\SysNative\xactengine2_1.dll
[2010/11/09 15:49:52 | 003,927,248 | ---- | C] () -- C:\Windows\SysNative\d3dx9_30.dll
[2010/11/09 15:49:49 | 000,355,536 | ---- | C] () -- C:\Windows\SysNative\xactengine2_0.dll
[2010/11/09 15:49:49 | 000,016,592 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/11/09 15:49:46 | 003,830,992 | ---- | C] () -- C:\Windows\SysNative\d3dx9_29.dll
[2010/11/09 15:49:42 | 003,815,120 | ---- | C] () -- C:\Windows\SysNative\d3dx9_28.dll
[2010/11/09 15:49:39 | 003,807,440 | ---- | C] () -- C:\Windows\SysNative\d3dx9_27.dll
[2010/11/09 15:49:36 | 003,767,504 | ---- | C] () -- C:\Windows\SysNative\d3dx9_26.dll
[2010/11/09 15:49:33 | 003,823,312 | ---- | C] () -- C:\Windows\SysNative\d3dx9_25.dll
[2010/11/09 15:49:30 | 003,544,272 | ---- | C] () -- C:\Windows\SysNative\d3dx9_24.dll
[2010/11/09 15:46:54 | 000,407,712 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistMSI06EC.txt
[2010/11/09 15:46:53 | 000,011,430 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistUI06EC.txt
[2010/11/08 00:09:43 | 000,022,016 | ---- | C] () -- C:\Users\James\Documents\MARTIAN CHRONICLES.wps
[2010/11/05 13:54:20 | 000,000,221 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\America's Army 3.url
[2010/11/04 17:32:15 | 000,000,221 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\TrackMania Nations Forever.url
[2010/11/04 17:31:28 | 000,000,187 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Spacewar.url
[2010/11/04 17:29:20 | 000,000,218 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Codename Gordon.url
[2010/11/04 17:28:46 | 000,000,221 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\BattleForge Demo.url
[2010/11/04 17:26:17 | 000,000,219 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Alien Swarm.url
[2010/11/04 14:46:11 | 000,000,219 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Counter-Strike Source.url
[2010/11/04 14:46:11 | 000,000,219 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Counter-Strike Source Beta.url
[2010/11/02 22:58:45 | 000,000,219 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Half-Life 2 Lost Coast.url
[2010/11/02 22:58:45 | 000,000,219 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Half-Life 2 Deathmatch.url
[2010/11/01 22:23:08 | 003,224,576 | ---- | C] () -- C:\Users\James\Documents\u.wps
[2010/10/28 22:30:22 | 000,035,840 | ---- | C] () -- C:\Users\James\Documents\RESARCH.wps
[2010/10/28 19:56:45 | 000,000,219 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Left 4 Dead.url
[2010/10/28 19:56:45 | 000,000,219 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Left 4 Dead 2.url
[2010/10/28 18:45:22 | 000,001,123 | ---- | C] () -- C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop\Spybot - Search & Destroy.lnk
[2010/10/28 18:41:23 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/10/28 18:41:20 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/10/28 18:33:27 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/28 18:33:21 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/28 15:52:30 | 000,281,744 | ---- | C] () -- C:\Users\James\Documents\Combat-Arms_12.jpg
[2010/10/28 15:52:30 | 000,278,063 | ---- | C] () -- C:\Users\James\Documents\Combat-Arms_11.jpg
[2010/10/28 15:52:30 | 000,248,917 | ---- | C] () -- C:\Users\James\Documents\Combat-Arms_08.jpg
[2010/10/28 15:52:30 | 000,248,839 | ---- | C] () -- C:\Users\James\Documents\Combat-Arms_07.jpg
[2010/10/28 15:52:30 | 000,248,735 | ---- | C] () -- C:\Users\James\Documents\Combat-Arms_09.jpg
[2010/10/28 15:50:08 | 000,336,902 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistMSI5FAD.txt
[2010/10/28 15:49:57 | 000,015,878 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistUI5FAD.txt
[2010/03/18 16:57:34 | 000,034,895 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/03/18 16:57:34 | 000,034,895 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/02/10 22:16:10 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/01/18 00:57:08 | 000,419,612 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistMSI54AD.txt
[2010/01/18 00:57:06 | 000,012,470 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistUI54AD.txt
[2010/01/18 00:38:23 | 000,419,482 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistMSI4657.txt
[2010/01/18 00:38:22 | 000,011,630 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistUI4657.txt
[2010/01/07 16:21:09 | 000,941,784 | ---- | C] () -- C:\Windows\SysWow64\drivers\CAMTHWDM.sys
[2009/12/21 23:43:04 | 000,348,952 | ---- | C] () -- C:\Program Files (x86)\Uninstal.exe
[2009/11/20 19:50:16 | 000,315,392 | ---- | C] () -- C:\Users\James\AppData\Roaming\DataSafeDotNet.exe
[2009/11/17 21:59:29 | 000,750,192 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/17 20:11:44 | 000,002,663 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/11/07 21:09:10 | 001,000,197 | ---- | C] () -- C:\Users\James\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/11/07 21:09:06 | 000,991,536 | ---- | C] () -- C:\Users\James\AppData\Local\dd_dotnetfx35install.txt
[2009/11/07 21:09:06 | 000,046,098 | ---- | C] () -- C:\Users\James\AppData\Local\uxeventlog.txt
[2009/11/07 21:09:06 | 000,000,002 | ---- | C] () -- C:\Users\James\AppData\Local\dd_dotnetfx35error.txt
[2009/10/12 12:24:05 | 000,004,540 | ---- | C] () -- C:\Users\James\AppData\Roaming\wklnhst.dat
[2009/08/16 21:04:55 | 000,009,028 | ---- | C] () -- C:\Users\James\AppData\Local\d3d9caps64.dat
[2009/08/14 23:58:15 | 000,001,100 | ---- | C] () -- C:\Users\James\AppData\Local\d3d8caps.dat
[2009/06/21 10:30:27 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/16 11:51:41 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2009/05/16 11:51:20 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/04/22 19:09:10 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/22 19:09:10 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/04/22 19:08:21 | 000,386,054 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistMSI61D3.txt
[2009/04/22 19:08:19 | 000,011,124 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistUI61D3.txt
[2009/04/22 18:57:37 | 000,426,878 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistMSI59A2.txt
[2009/04/22 18:57:37 | 000,011,444 | ---- | C] () -- C:\Users\James\AppData\Local\dd_vcredistUI59A2.txt
[2009/04/04 18:30:14 | 000,180,736 | ---- | C] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/21 11:55:20 | 000,008,864 | ---- | C] () -- C:\Users\James\AppData\Local\d3d9caps.dat
[2008/02/08 17:20:32 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\winOGL.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/10/28 16:19:06 | 003,411,941 | ---- | M] () -- C:\1.txt
[2008/01/20 21:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/06/24 19:22:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
[2009/03/13 13:51:11 | 000,003,648 | RH-- | M] () -- C:\dell.sdr
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/11/21 13:18:46 | 1385,451,519 | -HS- | M] () -- C:\pagefile.sys
[2010/09/09 21:14:55 | 000,075,142 | ---- | M] () -- C:\ReactorException.dmp
[2010/11/21 03:14:06 | 000,000,341 | ---- | M] () -- C:\rkill.log
[2005/04/07 21:16:43 | 000,000,015 | -H-- | M] () -- C:\SYSTEMlog.dat
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 523 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >

frequencyyy
2010-11-21, 19:40
Extras

OTL Extras logfile created on: 11/21/2010 1:27:16 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Videos\Sample Videos\DivX Movies\Favorites\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 88.00% Memory free
10.00 Gb Paging File | 10.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 102.63 Gb Free Space | 22.75% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.34 Gb Free Space | 50.11% Space Free | Partition Type: NTFS
Drive E: | 7.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 3.81 Gb Total Space | 3.81 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3844B3D3-F7FD-43FD-83FE-9E7ECA62F4A6}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{4C47E238-D51A-4842-AFA6-65D500E08C13}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{51A68103-AE7C-470A-BAE8-9A5D3FFCAB1A}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{5BFD0D2A-AD06-4DA2-B2B5-034B99AD651F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{607C0B3D-7A73-4211-B8F0-97ECCF607D09}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
"{64885347-2780-4762-A3E0-9A603C647F87}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{816204DE-2852-4AC1-A0AA-6E3CC61C9EA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8DEEC82A-D998-42D5-AFB8-C19AC0F45D88}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{924C86A6-CFD1-4891-B8EA-C7122608D990}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{9E0E6C52-BC36-4164-894C-86A104328F1C}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{B2B3F2C8-B4C6-429C-9664-9AD47C323C2A}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
"{CA974506-D1A6-45E3-8DB4-3CC0AA11ABE1}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{DEF80577-FF43-4A1B-8129-420581F881DB}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{EDFFD4D8-6A49-40DC-861C-D0C2119285F1}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0039FB23-4E58-4BD7-8DD4-7DB75AA274D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{004878B6-FC1F-471D-87DC-6A38353C0C8B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battleforge\support\ea help\electronic_arts_technical_support.htm |
"{097C6F51-0E93-409C-A794-C26C826534DF}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{0E3E6F37-E4FD-4AFD-B173-C0A7E5AF7124}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\mysql\bin\mysqld.exe |
"{0F0C39E0-49FB-4703-BF6A-777E379F6811}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{13F592D8-D67C-4B2C-9C40-E894FEA67926}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{14CD06B3-D222-4044-B176-F0C2FC5D7671}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{1604BFD5-3D4A-47E7-AC56-8B2D5588CE1D}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{16FC7CC4-E5D7-4A73-BDE9-63A71A3A213B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1E147E08-5574-432E-97F5-3EAD4F58AA48}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1F40DA18-562F-4158-B795-CCAF0337894C}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{1FDECD43-29D4-4C6A-9031-5B2ED9FB77D7}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{20C2236E-A25D-4DFE-9DFB-9F296EC217C7}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{21FD89A6-A447-4030-9E34-99F9D0B0798E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\frequencyyy\counter-strike source\hl2.exe |
"{23FA0837-8416-4327-8A9C-18914917550D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{24EFFE12-6FF6-4480-B115-46D658403EC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battleforge\support\ea help\electronic_arts_technical_support.htm |
"{251D03D0-E02B-4A65-8185-5C2E15EAB7BC}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{2B2F2FBC-8743-483E-A1DF-C5D8A5014DA8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\krislomh\counter-strike source\hl2.exe |
"{2C2BA531-CEF6-4CE0-8B5C-55018A91264B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{2D1AECE0-8772-4146-BBCC-91DE952D0990}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2D47ED46-3629-45F5-A027-9D3014857CFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\krislomh\counter-strike source\hl2.exe |
"{2D54193F-6152-4FB0-A50B-5D1734C7A001}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\apache\bin\httpd.exe |
"{2F8BAC99-7FDB-451A-83D8-07CA10244B89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{326AFCFE-C63D-49EF-A775-BA05F8747A30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{3434406E-01F3-427D-BF93-B4E5CE75034A}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{3B2694D9-4747-492E-9C7A-6B47ECD559B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{42152808-3CF0-41FD-B37D-EF19B901C36A}" = protocol=6 | dir=in | app=c:\ijji\english\genesisad\gameconsole.bin |
"{43136FCE-4DD7-4EDC-8979-EFCF4FE1FCA0}" = dir=in | app=c:\program files (x86)\dell\mediadirect\pcmservice.exe |
"{497FC7D8-41B2-43B3-BAA3-BDB4E7E483FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{49B4F23D-EF39-4308-950A-16BDA0C4E3F2}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{50243662-8BD5-4492-AA8A-6A7AEAE35046}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\mysql\bin\mysql.exe |
"{50BCFEB0-8BFA-4137-8887-29C7B5DECC97}" = protocol=17 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe |
"{55CE05A0-6C34-4E7E-9A32-1C6A7A440218}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{57762407-9E62-40F3-A62A-C6218E4AF35D}" = protocol=17 | dir=in | app=c:\ijji\english\genesisad\anotherday.exe |
"{59BC488B-E2F1-4574-AF78-A5BFFC02AEF8}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\mysql\bin\mysql.exe |
"{5C42533E-54AC-4D4C-83C7-F92B0FBB7341}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6B3D551A-7EDE-451A-BB53-9773A6CCF0B8}" = protocol=6 | dir=in | app=c:\users\james\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{6BD94474-7C9B-4108-9E43-6E2C2D27B0AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{6DD7DAC8-1ADF-47A6-A171-B6CB88903F29}" = protocol=17 | dir=in | app=c:\ijji\english\genesisad\gameconsole.bin |
"{6ED72CF0-7155-41D2-95B0-005360CC4D2D}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{733E9516-FF57-4D31-968A-A3985D0D8EF0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{7399C563-132F-4445-BA73-20583665E00F}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{75D4C22C-FEA5-40B9-8FA6-D473A7B20C3A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{77E61495-30B6-48CE-9209-E226159F5302}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{788AC0E2-0A4B-411A-A7DB-0868396069F3}" = protocol=6 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe |
"{78BEDFEA-5D42-4F51-B132-6D09C293D4EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{78D350C7-8F26-40E5-8253-51FC6E7DFFE3}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{7C9EB217-D5C6-4A97-A7EB-2B1731CD3508}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battleforge\bootstrapper.exe |
"{7CBCFBEC-D9C3-42D0-9664-F3623031E307}" = protocol=6 | dir=in | app=c:\ijji\english\genesisad\anotherday.exe |
"{7ECA9FA4-3C72-42FD-B1FE-7636EB3221B5}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{7F0EB884-35DE-4B47-B211-F62DE3BCE631}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{80B4C421-E391-42AF-813A-073152C33883}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\remote access file sync service\dsl_fs_sync.exe |
"{8428FE39-2281-4AF5-A889-5DF1004E8C03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{8A6899C1-4FF4-4651-8E6B-1157B607A603}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{8DF9D3A3-127E-42C4-987C-6A69F0325E45}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{91BD04E7-7812-477A-B8C4-073CBE2D4FCA}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{95069E5D-5770-4087-9FA2-B11C27983FAF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9871687A-50DE-4589-B49E-89432F81E891}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{99D99ACC-5D02-443C-BFFE-CEF8C3D8AAD9}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\apache\php.exe |
"{A595EAA1-2D8E-4BF1-BF0F-3E2FE9A54B23}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{A6F726EE-C827-4CFA-A365-DC4CDAC99B4B}" = protocol=6 | dir=in | app=c:\ngm\ngm.exe |
"{AEA5FFE5-673F-44FE-9E0E-9A5EDE4A631A}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B2C34ACE-1C59-4EF6-B5EE-270C12823EF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{B5155469-D128-4D20-A607-E1C3643EEA21}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dms\clmsservice.exe |
"{B620957D-EC02-42AA-8893-54D301A2F02E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{BD308154-92A4-45EB-AEB4-528FFD6235E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{C271C1CC-A619-4004-91B2-C6AE5FAA0E10}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\apache\php.exe |
"{C425E19E-5EF8-4CEC-B97D-B808C2A02534}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{C51F34B0-E167-4E1F-809E-F47CCCB7328D}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\mysql\bin\mysqld.exe |
"{C6CE2984-9A57-4376-842D-0D9C1C88DF4F}" = protocol=17 | dir=in | app=c:\users\james\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{C701C776-5D81-4515-B7D4-88973FF20981}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{CF9FB51F-0AE4-4A88-8F24-2E5A4E2BAE75}" = protocol=17 | dir=in | app=c:\ngm\ngm.exe |
"{D3F29843-FF14-4864-A390-49259F1CE4AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{D4C62FF7-0D4B-4152-805A-B606FDBFAB8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battleforge\bootstrapper.exe |
"{D85C3AEB-3A5E-4DE0-A7F3-A3F326DAC149}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{D909C3DB-FBBF-435C-B395-31BFD4306D9B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DC3C007F-36FA-41A9-86B4-592F354A6C57}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{DDB81394-C1CC-4300-9E5F-A615C06BB933}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DF81D509-BF2E-4567-94A2-EF15D7FD6915}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{E10CEC68-4850-4E74-BC39-F8FC45A45AFD}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{E3B1E133-AA06-4833-9F7D-C802325CFB3A}" = dir=in | app=c:\program files (x86)\dell\mediadirect\mediadirect.exe |
"{E47CC04A-7A97-4025-9A08-0685A13462E9}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\apache\bin\httpd.exe |
"{E66D19B5-1A5E-4F9B-9650-D96A6EC7243F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{E7F9E0F9-B229-4106-9525-81BB542B51CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{EAA31CFB-50BA-4E36-AFF9-1E18BF0A0047}" = protocol=6 | dir=in | app=c:\users\james\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{ED2DC644-8903-4573-A5A6-50B658C075D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\frequencyyy\counter-strike source\hl2.exe |
"{F2AA5B25-5FBD-43F7-BEFE-8E7115A8B1DD}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{F30755D0-2B2B-4D03-9642-4D9308D52FA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{F3230B98-16EF-4FF5-BB93-B623BB6720EC}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\remote access file sync service\dsl_fs_sync.exe |
"{F7E74254-F19C-4506-8DB7-E015AB2D3BC6}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{FC264432-185F-4D8D-9754-4D607CBB0711}" = protocol=17 | dir=in | app=c:\users\james\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{00EB763E-75CF-4414-B361-1932C1380ABE}C:\nexon\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"TCP Query User{1CEC84D9-6113-46F4-B9A4-CACA5908E747}C:\ijji\english\u_sf\soldierfront.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
"TCP Query User{1F8941BB-5FAC-482A-A15F-1549E0204B27}C:\program files (x86)\steam\steamapps\frequencyyy\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\frequencyyy\half-life 2 deathmatch\hl2.exe |
"TCP Query User{5B4CDBAF-AC87-4EFB-95FF-4937E556C6BB}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{8BCE3B06-AC58-45A0-89B5-DAB0180CA481}C:\users\james\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe" = protocol=6 | dir=in | app=c:\users\james\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe |
"TCP Query User{9091D65D-AA24-4F72-B10B-363487015BCA}C:\program files (x86)\adobe cs4\adobe after effects\afterfx\afterfx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe cs4\adobe after effects\afterfx\afterfx.exe |
"TCP Query User{CF260087-EC33-477D-9DB4-389A02DE01D0}C:\program files (x86)\ijji\ijji reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe |
"TCP Query User{FBF22C95-47B1-4A3D-8DFD-EA0EE3B754AD}C:\program files (x86)\warsow 0.5\warsow_x64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warsow 0.5\warsow_x64.exe |
"TCP Query User{FF7B4932-21D3-428B-8537-EED65C13B6D4}C:\kos\game_sting_pak\sting.exe" = protocol=6 | dir=in | app=c:\kos\game_sting_pak\sting.exe |
"UDP Query User{10F93A3E-3E81-419A-A5EE-A476AA1BEF2C}C:\program files (x86)\warsow 0.5\warsow_x64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warsow 0.5\warsow_x64.exe |
"UDP Query User{40B1DC6D-04D2-4FE2-93A0-668829C3350C}C:\program files (x86)\steam\steamapps\frequencyyy\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\frequencyyy\half-life 2 deathmatch\hl2.exe |
"UDP Query User{4167D5A4-03DD-4E1C-B560-4B4B5F6888A5}C:\users\james\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe" = protocol=17 | dir=in | app=c:\users\james\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe |
"UDP Query User{8BE2866A-799A-40B1-8FAA-E92EEE928773}C:\ijji\english\u_sf\soldierfront.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
"UDP Query User{9BC2EA1F-6379-4B14-ADE3-ACE5C8C90922}C:\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"UDP Query User{A04A46E0-C64F-4BF4-9713-EBDC5198B75B}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{ABD81F25-0F69-44F1-B9EB-881AA1E00755}C:\program files (x86)\adobe cs4\adobe after effects\afterfx\afterfx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe cs4\adobe after effects\afterfx\afterfx.exe |
"UDP Query User{EF1ADF3D-4224-44FB-86A9-451FBBB6B227}C:\kos\game_sting_pak\sting.exe" = protocol=17 | dir=in | app=c:\kos\game_sting_pak\sting.exe |
"UDP Query User{EFEB50C5-4C5E-4126-B5B7-5AD507123D6D}C:\program files (x86)\ijji\ijji reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{52D530AD-5CCA-48dc-B6F0-6D14652B0291}" = AIO_CDA_ToolboxIni64
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{838F7AB2-5DFE-60B3-1030-43ACC3454CD2}" = ccc-utility64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{88EAF577-71FA-46F2-8E42-AEA33E35AFB1}" = Vegas Pro 9.0 (64-bit)
"{8DF9D3DF-6D03-A04F-217F-F2577D973DBE}" = ATI Catalyst Install Manager
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BF9FD124-1112-4C8D-8F79-779A11C6287D}" = Logitech GamePanel Software 3.05.151
"{C1BAE0DA-5BEE-68E4-7FFB-DFCDCBE95602}" = ccc-utility64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D29E5E5F-47CA-087E-DCBF-FB75171D5B2E}" = ccc-utility64
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Speccy" = Speccy
"Virtual Audio Cable 4.04" = Virtual Audio Cable 4.04

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0722CFC8-FB86-B21D-57D2-8CB1E4AFF39E}" = CCC Help Danish
"{0842768F-A173-8B9D-EEDD-DB89B0BC75D9}" = Catalyst Control Center HydraVision Full
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0DB1C665-97DD-F405-1D03-60ED1DA95510}" = Catalyst Control Center Graphics Previews Vista
"{105CA5BB-9F30-149D-1AD4-144040CB3C1B}" = Catalyst Control Center Localization Spanish
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{135F49F2-9071-F45A-4263-DF7D42FBF7DD}" = CCC Help English
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16AEDA59-36F3-D016-830A-CCAF0B308ECD}" = CCC Help English
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2BEB102E-F9CD-4881-984B-E288F66FD394}" = Quake Live Mozilla Plugin
"{2BEF1AF7-845D-78AE-D826-A87E8CDB0E7F}" = CCC Help Chinese Standard
"{2FF281F1-4C2F-0D07-BCF0-2CA8E493A671}" = CCC Help Chinese Traditional
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{380EBAEB-DDAF-B6F3-2551-03351C611264}" = CCC Help Italian
"{3B206713-B5A9-8997-97D3-7D3BAEF0D863}" = CCC Help Thai
"{3C36015E-F0F6-43D7-58ED-F4210D355CF9}" = Catalyst Control Center Localization Turkish
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3EB2B92A-49F5-CE65-37B1-8D3E95178228}" = Catalyst Control Center Graphics Full Existing
"{3F66C4BF-4BD9-FF9C-FA9F-4579F60A33B3}" = Catalyst Control Center Graphics Previews Vista
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{44033AD6-17D0-3611-1D73-2791646B0892}" = CCC Help Portuguese
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{44FF51BA-F614-73F9-BCE5-10D1EA3CCBBF}" = CCC Help Finnish
"{46D61287-50D4-46B9-B10B-B6DBCD023873}" = EASEUS Data Recovery Wizard 4.3.6
"{47244975-454F-770B-79C1-0A705F17AA68}" = Catalyst Control Center Localization Chinese Standard
"{491E59D3-4E72-6276-52CA-D9658C941B01}" = CCC Help Turkish
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A381195-A058-D453-EC4C-A27D438A236C}" = CCC Help Czech
"{4C4759BE-2BA4-2DA7-58F6-E5188062E6EB}" = CCC Help French
"{4D125AFC-0817-C6AC-B225-3C4E6EDB696D}" = CCC Help Japanese
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57D57F9A-0CED-61D0-B3C6-75A874CB9F4D}" = Skins
"{5E0322C6-8CA9-A4BD-E9DC-CC8D8E7CB99E}" = Catalyst Control Center Graphics Previews Common
"{5EB3F5E2-1533-42D2-97C2-E0BA06CA6939}" = GenesisAD
"{5F06BE49-28E6-771F-A57A-7AC8C97F38E1}" = Catalyst Control Center Core Implementation
"{60E5FF66-3F28-148C-8EE0-CE623C26233D}" = Catalyst Control Center Localization Portuguese
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644FCC7C-63F5-5EE1-258D-30A5FD195891}" = HydraVision
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{672BEEF8-6C95-8F97-74D4-BDF37412437B}" = CCC Help Spanish
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100
"{6EA12203-3A1F-D36E-001A-EEED26D69C08}" = CCC Help Korean
"{6F083009-8E47-004F-8459-FEC59389BC4B}" = CCC Help Portuguese
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732799C0-7785-43C5-8496-71546A062992}" = SuddenAttackNA
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{746F3251-0E32-08E4-D18F-43794D57588D}" = Catalyst Control Center Localization Italian
"{75C89AB1-F888-6B0B-6BB4-A06ED4BDDFC0}" = Catalyst Control Center Graphics Full Existing
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7088C6-6347-150C-AEF4-A3190FF2F5AA}" = Catalyst Control Center Localization Hungarian
"{7CF7894B-D52C-F9E5-2ABF-DB6756CE21AC}" = CCC Help Turkish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EDFEE8E-F4F2-CB4E-618B-846D4A95CAC8}" = CCC Help Chinese Traditional
"{7F77542B-C7D0-9A23-7817-018F2C7AC066}" = CCC Help Norwegian
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8380D40E-291B-144A-554F-4877F4B439DB}" = Catalyst Control Center InstallProxy
"{8587A68A-BF5F-9492-228C-FACFDBA1A4F4}" = CCC Help Hungarian
"{86A4E293-3356-851A-A92B-F7417E33EA6B}" = Catalyst Control Center Graphics Full New
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}" = Soldier Front
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D58A2D8-3F73-4239-2BFA-45C33C6994B9}" = CCC Help Dutch
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91155C7C-3404-C96D-78DA-E1D6AF73F6DA}" = Catalyst Control Center Graphics Full New
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BD9026D-C3C6-0C40-9FD2-DD95A24CDEB2}" = Catalyst Control Center Localization French
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9EEFDD22-6CBA-8BBC-A46F-A0175CC071D3}" = CCC Help Swedish
"{A0422738-2E4A-B01F-D19E-ED0379A3C3CC}" = CCC Help English
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACE0BCCF-27A6-C275-0318-651F6388882F}" = CCC Help German
"{AE249BA3-2421-3996-5E9A-DF4A9F3551FC}" = Catalyst Control Center InstallProxy
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D91AD2-056B-EE87-D196-81F9834551DA}" = CCC Help Polish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BBD19BBF-9ABD-F856-5AA1-58A31C3000D3}" = Catalyst Control Center Core Implementation
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C08C8FCE-6EAB-97E4-403C-5ED67C475B53}" = CCC Help Spanish
"{C0AA232E-BD1B-40B5-A176-A2BEB67FFAE1}" = Adobe After Effects CS5 Third Party Content
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3D2EE61-7B29-000E-FFB2-9ECACDC142BD}" = CCC Help Japanese
"{C4B556FF-ABE6-8FBE-EF7A-909F72492DA8}" = CCC Help Korean
"{C70DCDB3-04F7-F325-5BB2-D646C77342A1}" = CCC Help German
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CA06B6B3-A775-50D6-3031-53C40A5202A6}" = Catalyst Control Center Localization Chinese Traditional
"{CA947F32-E30F-79C0-497C-AA923CA87E6E}" = Catalyst Control Center Localization All
"{CCEC07F5-49FC-3CEA-C5DB-5E8311CD9F8C}" = CCC Help French
"{CD29B5CA-4727-4114-9AD9-25CCCE6E4014}" = Adobe After Effects CS5 Third Party Royalty Content
"{D0338BF1-DD06-8565-48A1-C8F3F991B959}" = Catalyst Control Center Localization Japanese
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D259350E-936C-C6C0-5FDF-B6B4B95731ED}" = Catalyst Control Center Graphics Light
"{D2A1367C-2C73-7B44-BCC4-C8CFEA0BA870}" = CCC Help Chinese Standard
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D3EF3D90-CB56-5A6A-6F51-8A3A308A39A8}" = CCC Help Greek
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D81230AD-71DF-CFCB-CD05-52CFF26F8634}" = Catalyst Control Center Localization Korean
"{D8E339C9-D9DC-94D3-7731-DFEEA6D2277C}" = CCC Help Russian
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5
"{DB8B49A9-7CF1-34DB-6DF2-1EC41C0FE5E1}" = Catalyst Control Center Graphics Previews Common
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0112FF2-FB01-1442-9365-EAC63B08729D}" = Catalyst Control Center Graphics Previews Vista
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3EEBF5A-C102-E6CA-9194-2A4A86D74C81}" = CCC Help Hungarian
"{E4A185BB-8E95-6FA7-2637-C9E4768DE2C3}" = ccc-core-static
"{E5F1AAA6-C0C8-326C-CAD2-B413CE1F5512}" = Catalyst Control Center Localization German
"{E62FFFA6-DCBC-189B-443E-D10A44901385}" = CCC Help Italian
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EC0B2A03-9FBF-4B21-AD3B-14C49C2232C7}" = GenesisAD_Setup
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF18BFA9-45A1-235F-6F6C-F78D3ED37437}" = Catalyst Control Center Graphics Light
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F839F4CD-FA17-CB5D-5422-AB846989EE18}" = Catalyst Control Center Graphics Previews Common
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Arms" = Combat Arms
"Cross Fire_is1" = Cross Fire En
"Dell Video Chat" = Dell Video Chat (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Everything" = Everything 1.2.1.371
"Fraps" = Fraps (remove only)
"FrostWire" = FrostWire 4.18.4
"HyperCam 2" = HyperCam 2
"Install Adobe After Effects Cs4" = Install Adobe After Effects Cs4
"Knoll Light Factory Pro 2.5" = Knoll Light Factory Pro 2.5
"Magic Bullet Editors 2.0 Vegas" = Magic Bullet Editors 2.0 Vegas
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSC" = McAfee SecurityCenter
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PROR" = Microsoft Office Professional 2007 Trial
"PunkBusterSvc" = PunkBuster Services
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 11020" = TrackMania Nations Forever
"Steam App 13140" = America's Army 3
"Steam App 240" = Counter-Strike: Source
"Steam App 24770" = BattleForge Demo
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 480" = Spacewar
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 630" = Alien Swarm
"Steam App 92" = Codename Gordon
"System Tool2011" = System Tool2011
"TeamViewer 5" = TeamViewer 5
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"29cb50f84af5149c" = CSN Scout
"7ee8590fd50d5d96" = WOGL Anti-Cheat
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Kos (usa)" = Sting
"ScrimZ LockDown" = ScrimZ LockDown
"Winamp Detect" = Winamp Detector Plug-in

< End of report >

Blade81
2010-11-22, 12:53
Hi again,

Let's run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following


:OTL
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Lvddhfngmve] C:\Users\James\AppData\Local\Temp\hexdump.exe ()
O4 - HKLM..\Run: [Lvddhfngotd] C:\Users\James\AppData\Local\Temp\install.exe ()
O4 - HKLM..\Run: [Lvddhfngpb] C:\Users\James\AppData\Local\Temp\login.exe ()
O4 - HKLM..\Run: [Lvddhfngpta] C:\Users\James\AppData\Local\Temp\services.exe ()
O4 - HKLM..\Run: [LvddhfngrA] C:\Users\James\AppData\Local\Temp\win16.exe ()
O4 - HKLM..\Run: [Lvddhfngrsc] C:\Users\James\AppData\Local\Temp\winlogon.exe ()
O4 - HKLM..\Run: [LvddhfngsfP] C:\Users\James\AppData\Local\Temp\nvsvc32.exe ()
O4 - HKLM..\Run: [Lvddhfngta] C:\Users\James\AppData\Local\Temp\user.exe ()
O4 - HKLM..\Run: [Mquxe] C:\Windows\system [2006/11/02 07:39:29 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [Mqva] C:\Windows\win.exe ()
O4 - HKCU..\Run: [Lvddhfngmve] C:\Users\James\AppData\Local\Temp\hexdump.exe ()
O4 - HKCU..\Run: [Lvddhfngotd] C:\Users\James\AppData\Local\Temp\install.exe ()
O4 - HKCU..\Run: [Lvddhfngpb] C:\Users\James\AppData\Local\Temp\login.exe ()
O4 - HKCU..\Run: [Lvddhfngpta] C:\Users\James\AppData\Local\Temp\services.exe ()
O4 - HKCU..\Run: [LvddhfngrA] C:\Users\James\AppData\Local\Temp\win16.exe ()
O4 - HKCU..\Run: [Lvddhfngrsc] C:\Users\James\AppData\Local\Temp\winlogon.exe ()
O4 - HKCU..\Run: [LvddhfngsfP] C:\Users\James\AppData\Local\Temp\nvsvc32.exe ()
O4 - HKCU..\Run: [Lvddhfngta] C:\Users\James\AppData\Local\Temp\user.exe ()
O4 - HKCU..\Run: [Mquxe] C:\Windows\system [2006/11/02 07:39:29 | 000,000,000 | ---D | M]
O4 - HKCU..\Run: [Mqva] C:\Windows\win.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysNative\lsp5E7E.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\lsp5E7E.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\lsp5E7E.dll ()
O22 - SharedTaskScheduler: {B1BA20C1-A503-59BD-F412-03B53A2C8951} - uawhr987ry38w7rhawuig673fef - C:\Windows\SysWOW64\xsl3g.dll ()
[2010/11/16 16:12:33 | 000,220,672 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\SysWow64\mspnp2a3f.exe
[2010/11/16 16:12:11 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/11/16 16:12:09 | 000,220,672 | -H-- | C] (Корпорация Майкрософт) -- C:\Windows\SysWow64\mspnpd7f.exe
[2010/11/16 16:11:49 | 000,220,672 | -H-- | C] (Корпорация Майкрософт) -- C:\Windows\SysWow64\mspnpd8f.exe
[2010/11/16 16:11:41 | 000,220,672 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\SysWow64\mspnp297f.exe
[2010/11/14 11:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\kKjIc02097
[2010/11/14 11:42:00 | 000,047,490 | ---- | M] () -- C:\Windows\SysWow64\lsp5E7E.dll
[2010/11/14 11:42:00 | 000,000,004 | -H-- | M] () -- C:\Windows\SysWow64\iexplore.sy_
:Commands
[emptytemp]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log



Uninstall old Adobe Reader versions and get the latest one (9.4 + update 9.4.1 for it) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 22 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* If internet works, go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish


Post back its report (if connection was available) + fresh OTL.txt log.
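
The O4 and O7 lines in the fix script above share traits that can be checked mechanically: autorun targets in a Temp folder, core Windows process names outside System32, an empty company field, and a policy value that disables the registry tools. The Python below is an added example, not part of this thread or of OTL; the line format is inferred from the lines quoted above, `SYSTEM_NAMES` is a short illustrative list, and the `ExampleApp` entry is constructed.

```python
import ntpath
import re
from collections import defaultdict

# Core Windows process names that normally exist only under System32/SysWOW64.
# Illustrative list chosen for this example, not exhaustive.
SYSTEM_NAMES = {"services.exe", "winlogon.exe", "svchost.exe",
                "lsass.exe", "csrss.exe", "smss.exe"}
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\")

# O4 line: hive, [value name], target, then "(company)" or "[file metadata]".
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<target>.+?) (?:\((?P<company>[^)]*)\)|\[(?P<meta>[^\]]*)\])$")
# O7 line: policy key, value name, numeric data.
O7_RE = re.compile(r"^O7 - (?P<key>HK\S+): (?P<value>\w+) = (?P<data>\d+)$")

# Lines copied from the fix script above, plus one constructed benign entry.
SAMPLE = r"""
O4 - HKLM..\Run: [Lvddhfngpta] C:\Users\James\AppData\Local\Temp\services.exe ()
O4 - HKLM..\Run: [Lvddhfngmve] C:\Users\James\AppData\Local\Temp\hexdump.exe ()
O4 - HKLM..\Run: [Mquxe] C:\Windows\system [2006/11/02 07:39:29 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [Mqva] C:\Windows\win.exe ()
O4 - HKCU..\Run: [Lvddhfngpta] C:\Users\James\AppData\Local\Temp\services.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O4 - HKLM..\Run: [ExampleApp] C:\Program Files (x86)\ExampleApp\example.exe (Example Corp)
"""


def o4_reasons(m):
    """Return the reasons one parsed O4 autorun entry deserves a closer look."""
    target = m["target"].lower()
    reasons = []
    if "\\temp\\" in target:
        reasons.append("runs from a Temp directory")
    if ntpath.basename(target) in SYSTEM_NAMES and not SYSTEM_DIR.match(target):
        reasons.append("system process name outside System32")
    if m["company"] == "":          # "()" in the log: company field is empty
        reasons.append("no company name")
    if m["meta"]:                   # "[date | size | attributes | flag]"
        fields = [f.strip() for f in m["meta"].split("|")]
        if len(fields) >= 3 and "D" in fields[2]:
            reasons.append("target is a directory")
    return reasons


def triage(log_text):
    """Parse O4/O7 lines and return only the entries with at least one reason."""
    findings = []
    hives_by_name = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            hives_by_name[m["name"]].add(m["hive"])
            findings.append({"kind": "O4", "hive": m["hive"], "name": m["name"],
                             "target": m["target"], "reasons": o4_reasons(m)})
            continue
        m = O7_RE.match(line)
        if m and m["value"] == "DisableRegistryTools" and m["data"] != "0":
            findings.append({"kind": "O7", "hive": m["key"].split("\\")[0],
                             "name": m["value"], "target": m["key"],
                             "reasons": ["registry editing tools disabled by policy"]})
    # A value name registered under both hives is a weaker, additional signal.
    for f in findings:
        if f["kind"] == "O4" and len(hives_by_name[f["name"]]) > 1:
            f["reasons"].append("same value name in HKLM and HKCU")
    return [f for f in findings if f["reasons"]]


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f'{f["kind"]} {f["hive"]} [{f["name"]}] {f["target"]}')
        for reason in f["reasons"]:
            print(f"    - {reason}")
```

A flagged entry is a candidate for review, not a verdict; the checks only rank which autoruns to inspect first.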

frequencyyy
2010-11-23, 01:36
Hi,

When I turn on the computer normally, without Safe Mode,
[Lvddhfngmve]hexdump.exe
[Lvddhfngotd]install.exe
[Lvddhfngpb]login.exe
[Lvddhfngpta]services.exe
and iexplorer and a lot of svchosts start running..
and it tries to connect to the unrecognized connection. . . (this is what I'm most paranoid about)

but it only detects some of them if I run scans in Safe Mode, and they don't even start up.


So, am I messing the process of fixing my computer up if I run them in Safe Mode?

frequencyyy
2010-11-23, 01:56
I get an error when I try to run that fix, and it says that it's unable to create the log report...

frequencyyy
2010-11-23, 02:29
Alright, even when I turn on my computer in Safe Mode without networking, a bunch of unnecessary programs and services are starting up.

And I had around 9 svchost.exes running when I usually only have 1 or 2, and they disappear after start up.

frequencyyy
2010-11-23, 06:55
Alright, well, when I was running ESET I honestly was nervous during the entire scan, and the scan froze, so I closed it and didn't try again. (It managed to find win32. RUM Trojan before it froze, though.)

So I called a cousin who knew more about computers and such than me, hoping he could help. He told me to just follow the path of the unrecognized processes and delete the file, and that I did, and it seems to be working fine now.
Although I wouldn't be surprised if a new problem came up tomorrow.

So yeah, OTL couldn't produce a log. I tried in normal mode, safe, and safe with networking.

I didn't follow through with ESET.

My computer seems fairly better; however, if you still have time and could help me find/get rid of all traces of infections, if there are any, that'd be great.

thank you

Blade81
2010-11-23, 07:17
Hi,

Please see if you're able to run OTL with minimal output selected in its options. Make sure protection software is disabled while doing this.

frequencyyy
2010-11-23, 21:34
Tried, still unable to create log.

frequencyyy
2010-11-24, 02:49
Scanned with ESET again:


C:\ProgramData\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAntiMalwares.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAgentwel.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAgentws.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinFraudPack.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinTDSSgen.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinTDSSgen5.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FraudAntiMalwares.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentwel.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinFraudPack.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinTDSSgen.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinTDSSgen5.zip Win32/Bagle.gen.zip worm
C:\Users\James\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\32a7e790-70cb598d multiple threats
C:\Users\James\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\7f64d327-35cb883c multiple threats
C:\Users\James\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\5837bdbc-1df748a2 multiple threats
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.DZ trojan
C:\Windows\drweb.exe Win32/Agent.RUM trojan
C:\Windows\winamp.exe Win32/Agent.RUM trojan
C:\Windows\System32\FastUv32.dll a variant of Win32/Wimpixo.AA trojan
C:\Windows\System32\k0134b1yc.dll Win32/TrojanDownloader.Small.NFD trojan
C:\Windows\System32\lsp5E7E.dll Win32/TrojanClicker.Agent.NMF trojan
C:\Windows\System32\uznec0.dll Win32/TrojanDownloader.Small.NFD trojan
C:\Windows\System32\xsl3g.dll Win32/TrojanDownloader.Small.NFD trojan
C:\Windows\SysWOW64\FastUv32.dll a variant of Win32/Wimpixo.AA trojan
C:\Windows\SysWOW64\k0134b1yc.dll Win32/TrojanDownloader.Small.NFD trojan
C:\Windows\SysWOW64\lsp5E7E.dll Win32/TrojanClicker.Agent.NMF trojan
C:\Windows\SysWOW64\uznec0.dll Win32/TrojanDownloader.Small.NFD trojan
C:\Windows\SysWOW64\xsl3g.dll Win32/TrojanDownloader.Small.NFD trojan
Operating memory Win32/TrojanClicker.Agent.NMF trojan

Blade81
2010-11-24, 06:54
Hi,

Please see if you're able to run DDS.

frequencyyy
2010-11-25, 09:58
pev.dat crashes every time

Blade81
2010-11-25, 10:34
Hi,

Upload these files to http://www.virustotal.com and post back the results:
c:\windows\explorer.exe
c:\windows\system32\winlogon.exe

frequencyyy
2010-11-25, 22:07
For Explorer:
MD5 : bbd8e74f23d7605cb0cdb57a1b25d826
SHA1 : d84af003a6a9dcf6ca9bd68bb66f2b96dcd1fce8
SHA256: 2e5e05f85aa53789a88cccb98dc6a52864492cf92f259ed24f4ffd894e91d096
ssdeep: 24576:F3/xDOesUVC38HDINpGYCW5uXSA7jTeFadRsxKb/g/J/ulZ:FPxDOesUVPHDIvLC8A7/eFw33l
File size : 3080704 bytes
First seen: 2009-02-11 18:51:24
Last seen : 2010-11-25 21:04:09
TrID:
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Explorer
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.0.6001.18164 (vistasp1_gdr.081028-1730)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x23550
timedatestamp....: 0x4907E791 (Wed Oct 29 04:33:21 2008)
machinetype......: 0x8664 (AMD64)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x731B9, 0x73200, 6.29, 035ef792c6c677dda650715b324ea77b
.rdata, 0x75000, 0x19A64, 0x19C00, 4.63, a948cba1882a42bc64d94d561990b7e3
.data, 0x8F000, 0x2FFA, 0x2E00, 0.86, 2db36e4ae57f1a7f36ba150aab05b050
.pdata, 0x92000, 0x858C, 0x8600, 5.97, 5e3de5edca57db3504ae375153bbbfa9
.rsrc, 0x9B000, 0x2566A0, 0x256800, 7.04, 4c8ed0154caccb7d6d39343edc8c8e27
.reloc, 0x2F2000, 0x1188, 0x1200, 5.39, 7a0d23ff7ebf06fd655b80e02cb2ae13



0/43

frequencyyy
2010-11-25, 22:11
MD5 : c2610b6bdbefc053bbdab4f1b965cb24
SHA1 : 145787476862969411875c30e3ef177bc8ac1863
SHA256: ec983e197c7da467efc98c42b43e34b1b437405f6b51678dab9f7f3400ea62fe
ssdeep: 6144:gam4x9KwscGBPJOfcNttCYLBdJ+nhYW9UK0IGiR8Bq2:s4x9SdFqapKpmR
File size : 314880 bytes
First seen: 2009-02-11 16:42:50
Last seen : 2010-11-25 21:09:40
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Logon Application
original name: WINLOGON.EXE
internal name: winlogon
file version.: 6.0.6001.18000 (longhorn_rtm.080118-1840)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x25EA4
timedatestamp....: 0x47918DB3 (Sat Jan 19 05:42:11 2008)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x4165A, 0x41800, 6.41, 3106dc0063142b51faf25b9da1fe6caa
.data, 0x43000, 0x2C38, 0x2200, 3.07, 3021c3dae2096bd3bb4c1cec9be0a297
.rsrc, 0x46000, 0x4B28, 0x4C00, 3.72, 4ed5330dad028d87e0fac97387ae8831
.reloc, 0x4B000, 0x43A2, 0x4400, 6.50, 05640a7a08242831a2c51d2069ecfb1a


frequencyyy
2010-11-25, 22:11
And all the viruses are back again . . .

Blade81
2010-11-26, 06:55
Hi,

If you're able to run & update MBAM please do so (full scan and let MBAM delete found items). Also, please see if you're able to make DDS or OTL run in normal/safe mode.

Blade81
2010-12-02, 10:21
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.