Please Help been infected with the SVCHOST.exe virus now for 3 months



nauticaice
2011-07-15, 07:47
SVCHOST.exe is running several processes; it was not like this prior to infection and is freezing up my CPU at times. I've tried the manual fix, researching on Google. I'm running Windows Vista 32 bit and can't seem to run updates as well. I'm on Service Pack 1, and have tried to auto download and manual download Service Pack 2 but to no avail.


plzz help :)
greatly appreciate it!!

ken545
2011-07-18, 23:53
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Download DDS from one of the links below to your desktop

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)


Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)


Information on A/V control Here (http://www.bleepingcomputer.com/forums/topic114351.html)

nauticaice
2011-07-19, 18:21
DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Run by mike at 9:17:15 on 2011-07-19
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1066 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy9152009\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\AOL\1253328587\ee\aolsoftware.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy9152009\TeaTimer.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=15153&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uURLSearchHooks: IAOLTBSearch Class: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} -
mURLSearchHooks: IAOLTBSearch Class: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} -
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: SafeOnline BHO: {69D72956-317C-44bd-B369-8E44D4EF9801} - c:\windows\system32\PxSecure.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AOL Toolbar Loader: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} -
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} -
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [HPAdvisor] "c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe" view=DOCKVIEW,SYSTRAY
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RegistryMechanic] "c:\program files\registry mechanic\RMTray.exe" /H
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy9152009\TeaTimer.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
mRun: [KBD] "c:\hp\kbd\KbdStub.EXE"
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] "RtHDVCpl.exe"
mRun: [SnapfishMediaDetector] "c:\program files\snapfish media detector\SnapfishMediaDetector.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HostManager] "c:\program files\common files\aol\1253328587\ee\AOLSoftware.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mfwakeys.lnk - c:\program files\motu\firewire audio\MFWAKeys.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\motupe~1.lnk - c:\windows\installer\{faaf4f08-107f-42b4-b01c-b5bacb65e7d3}\_B46567FF76B580C507E5B5.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish media detector\SnapfishMediaDetector.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{DED016E1-85DE-4016-81C9-1DDF14D8BBDB} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: msdaipp - <Clsid value has no data>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\windows mail\WinMail.exe" OCInstallUserConfigOE
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\ds97wq52.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://heat.infopop.cc/eve/forums/a/frm/f/5700037552
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2011-7-1 32008]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-7-1 76696]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-11-30 20328]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2011-7-1 6416120]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy9152009\SDWinSec.exe [2009-9-16 1153368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-12 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-4-8 33792]
R3 mfwagsif;MOTU Audio GSIF;c:\windows\system32\drivers\mfwagsif.sys [2007-1-4 21752]
R3 mfwamidi;MOTU Audio MIDI;c:\windows\system32\drivers\MFWAMIDI.sys [2007-1-4 25336]
R3 mfwawave;MOTU Audio Wave;c:\windows\system32\drivers\MFWAWave.sys [2007-1-4 58104]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [2007-1-4 23288]
R3 MotuFWA;MotuFWA;c:\windows\system32\drivers\motufwa.sys [2007-1-4 233720]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2011-7-1 26096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ekrn;ESET Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" --> c:\program files\eset\eset nod32 antivirus\ekrn.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-26 136176]
S3 akMPC4kU;AKAI MPC4000 Driver;c:\windows\system32\drivers\akMPC4kU.sys [2008-1-4 11392]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-9-23 84832]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-26 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RDID1045;Roland FANTOM-X;c:\windows\system32\drivers\Rdwm1045.sys [2008-3-26 56832]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [2008-4-19 33736]
.
=============== Created Last 30 ================
.
2011-07-13 16:21:14 -------- d-----w- C:\Boot
2011-07-13 15:25:33 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-13 02:04:07 -------- d-----w- C:\$UPGRADE.~OS
2011-07-12 08:43:33 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3e7c1d15-5daa-4fbe-9499-a317a451b6bd}\mpengine.dll
2011-07-04 16:16:39 -------- d-----w- c:\users\mike\appdata\local\Threat Expert
2011-07-04 15:00:52 -------- d-----w- c:\users\mike\appdata\local\Microsoft Corporation
2011-07-04 14:58:07 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-07-03 18:02:53 -------- d-----w- C:\a0b361025e3d44ce46
2011-07-01 17:36:42 71880 ----a-w- c:\windows\system32\PxSecure.dll
2011-07-01 17:36:41 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-07-01 17:36:41 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-07-01 17:36:41 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-07-01 17:36:40 -------- d-----w- c:\program files\Prevx
2011-07-01 17:36:34 -------- d-----w- c:\programdata\PrevxCSI
2011-06-29 04:57:13 -------- d-----w- c:\users\mike\appdata\roaming\SUPERAntiSpyware.com
2011-06-29 04:57:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-27 17:28:47 -------- d-----w- C:\b0b8de39e9875857da
2011-06-27 17:04:19 -------- d-----w- C:\bb319ffcc615153c4ddb212a
2011-06-26 15:36:27 -------- d-----w- C:\5a6ad2b718438086fbb0f2
2011-06-24 10:04:38 5646 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-06-23 18:14:44 -------- d-sh--w- C:\found.005
.
==================== Find3M ====================
.
2011-05-25 02:14:10 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-05-19 07:58:51 1022789 ----a-w- c:\programdata\bdinstall.bin
.
============= FINISH: 9:17:26.24 ===============
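
Added example (not part of the thread, and not output from DDS or any tool named in it): a Python triage of the svchost.exe lines in a DDS-style "Running Processes" list, checking that each instance runs from System32 with a -k service-group argument and flagging lookalike file names. The sample lines are constructed in the style of the log above; the names SAMPLE_LOG, check_line and triage, and the C:\Windows system root, are assumptions of this example.

```python
import ntpath
import re

# Assumption: %SystemRoot% is C:\Windows, as the logs in this thread report.
EXPECTED_DIR = r"c:\windows\system32"

# A process line is an image path ending in .exe, optionally followed by arguments.
PROC_LINE = re.compile(r"^(?P<image>.+?\.exe)(?=\s|$)\s*(?P<args>.*)$", re.IGNORECASE)
# A service-host instance is started as "svchost.exe -k <group>".
GROUP_ARG = re.compile(r"^-k\s+(?P<group>\w+)", re.IGNORECASE)

# Constructed sample: three lines in the style of the DDS log above, two
# unrelated processes, and three constructed anomalies for contrast.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\example\AppData\Roaming\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\scvhost.exe -k netsvcs
"""


def edit_distance(a, b):
    """Levenshtein distance, used to catch names that imitate 'svchost'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_line(line):
    """Return ("ok", group) or ("suspicious", reason), or None if unrelated."""
    m = PROC_LINE.match(line.strip())
    if not m:
        return None
    directory, name = ntpath.split(m.group("image"))
    stem = name.lower().rsplit(".", 1)[0]
    if stem != "svchost":
        # Near-miss spellings (transposed or swapped characters) deserve a look.
        if edit_distance(stem, "svchost") <= 2:
            return ("suspicious", f"lookalike name {name!r}")
        return None
    reasons = []
    if directory.lower() != EXPECTED_DIR:
        reasons.append(f"runs from {directory!r}, not System32")
    group = GROUP_ARG.match(m.group("args"))
    if not group:
        reasons.append("no '-k <group>' argument")
    if reasons:
        return ("suspicious", "; ".join(reasons))
    return ("ok", group.group("group"))


def triage(log_text):
    """Split a process list into expected service groups and findings."""
    groups, findings = [], []
    for line in log_text.splitlines():
        result = check_line(line)
        if result is None:
            continue
        kind, detail = result
        if kind == "ok":
            groups.append(detail)
        else:
            findings.append((line.strip(), detail))
    return groups, findings


if __name__ == "__main__":
    ok_groups, flagged = triage(SAMPLE_LOG)
    print("expected svchost groups:", ", ".join(ok_groups))
    for entry, reason in flagged:
        print("REVIEW:", entry, "->", reason)
```

A clean result here only covers image path, file name and arguments; a malicious service DLL hosted inside a legitimate svchost.exe group would not show up in a process list.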

nauticaice
2011-07-19, 18:23
anddd the attachment :)

ken545
2011-07-19, 19:48
Hi,

Looks like you have ESET as your main AntiVirus, so you can uninstall C:\Program Files\McAfee Security Scan via Programs and Features in the Control Panel.

C:\Program Files\Registry Mechanic <-- I would uninstall this as well unless you're a Windows expert and know exactly what it's removing. Even the better registry cleaners remove legit stuff once in a while; remove the wrong entry or entries and you can make your system unbootable. You really should not fool around with any reg cleaners, they're not recommended.

ASK.com <-- While you're in Programs and Features, remove anything related to ASK and also anything related to Viewpoint Manager



Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner; this is expected but will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.




Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

nauticaice
2011-07-20, 09:38
malwarebytes log as requested


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7208

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

7/20/2011 12:29:32 AM
mbam-log-2011-07-20 (00-29-32).txt

Scan type: Quick scan
Objects scanned: 188110
Time elapsed: 11 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\mike\downloads\errorwiz_setup.exe (Rogue.ErrorWiz) -> Quarantined and deleted successfully.

nauticaice
2011-07-20, 09:41
I have an antivirus trial program named Prevx 3.0 that is detecting malware, "medium risk malware" -- file name otto.exe in the C:\program files\hp games directory

Since I'm on the free trial, it will not give me the option to quarantine it. Should I manually delete or hold off til further directions from ya? By the way, Malwarebytes did not detect this particular infection.

ken545
2011-07-20, 10:15
That otto.exe could be a questionable file but I don't see it on your system.

You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again

C:\program files\hp games directory <--Look for otto.exe here

If the site is busy you can try this one
http://virusscan.jotti.org/en


Then before we continue, pick one antivirus that you want to keep and uninstall the other ones, more than one is overkill and will severely hamper system performance and can cause all sorts of other problems

nauticaice
2011-07-20, 18:49
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: otto.exe
Submission date: 2011-07-20 16:40:51 (UTC)
Current status: finished
Result: 1/ 43 (2.3%)
Antivirus Version Last Update Result
AhnLab-V3 2011.07.20.06 2011.07.20 -
AntiVir 7.11.12.15 2011.07.20 -
Antiy-AVL 2.0.3.7 2011.07.20 -
Avast 4.8.1351.0 2011.07.20 -
Avast5 5.0.677.0 2011.07.20 -
AVG 10.0.0.1190 2011.07.20 -
BitDefender 7.2 2011.07.20 -
CAT-QuickHeal 11.00 2011.07.20 -
ClamAV 0.97.0.0 2011.07.20 -
Commtouch 5.3.2.6 2011.07.20 -
Comodo 9448 2011.07.20 -
DrWeb 5.0.2.03300 2011.07.20 -
Emsisoft 5.1.0.8 2011.07.20 -
eSafe 7.0.17.0 2011.07.20 -
eTrust-Vet 36.1.8454 2011.07.20 -
F-Prot 4.6.2.117 2011.07.20 -
F-Secure 9.0.16440.0 2011.07.20 -
Fortinet 4.2.257.0 2011.07.20 -
GData 22 2011.07.20 -
Ikarus T3.1.1.104.0 2011.07.20 -
Jiangmin 13.0.900 2011.07.20 -
K7AntiVirus 9.108.4929 2011.07.20 -
Kaspersky 9.0.0.837 2011.07.20 -
McAfee 5.400.0.1158 2011.07.20 Corrupt-AH!9C58D2097376
McAfee-GW-Edition 2010.1D 2011.07.20 -
Microsoft 1.7000 2011.07.20 -
NOD32 6311 2011.07.20 -
Norman 6.07.10 2011.07.20 -
nProtect 2011-07-20.01 2011.07.20 -
Panda 10.0.3.5 2011.07.20 -
PCTools 8.0.0.5 2011.07.20 -
Prevx 3.0 2011.07.20 -
Rising 23.67.02.03 2011.07.20 -
Sophos 4.67.0 2011.07.20 -
SUPERAntiSpyware 4.40.0.1006 2011.07.20 -
Symantec 20111.1.0.186 2011.07.20 -
TheHacker 6.7.0.1.257 2011.07.18 -
TrendMicro 9.200.0.1012 2011.07.20 -
TrendMicro-HouseCall 9.200.0.1012 2011.07.20 -
VBA32 3.12.16.4 2011.07.20 -
VIPRE 9904 2011.07.19 -
ViRobot 2011.7.20.4579 2011.07.20 -
VirusBuster 14.0.132.0 2011.07.20 -
Additional information
MD5 : 9c58d20973768225510bc340df539aa7
SHA1 : 797e150661eea187ed4e7ed9aa38122800c484fe
SHA256: 5b722f8658464c48852aba9a543d23eeabb31649f76eb7c207c23d5c72cd08b3
VT Community
This file has never been reviewed by any VT Community member. Be the first one to comment on it!

nauticaice
2011-07-20, 19:08
I'd like to keep Malwarebytes as my antiviral. I'm unable to remove ESET; I had trouble deleting it with the program uninstaller, so I manually moved everything over to the recycle bin :oops: so now whenever I try to install a new antiviral, Kaspersky will detect ESET and will say please remove before installing because of incompatibility. So I'll go to the Control Panel programs to uninstall, but to no avail: I'll get a pop-up screen titled "Windows Installer" that says "click OK to try again or enter an alternate path to a folder containing the installation package 'eav_nt32_enu.msi' in the box below", then it asks me to browse my directories for this file. This has been on my table for a while now.

ken545
2011-07-20, 19:27
Otto appears to be ok

Malwarebytes is fine, it's one of the better programs to come along in a while, but it's not an Anti Virus program, it's anti spyware; you still need ONE AV.

You can find a removal tool for ESET here, what you may have done was not a complete uninstall
http://kb.eset.com/esetkb/index?page=content&id=SOLN2116

nauticaice
2011-07-20, 22:16
Thx so much for the link. I was unable to download without a password/username at first, had to call their customer service, got ESET finally out :alien:, now I have settled into using Kaspersky Internet Security as my AV

awaiting next stepppp :bigthumb:

ken545
2011-07-20, 22:52
Let's run these two, they won't take long

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png






OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

nauticaice
2011-07-21, 23:23
aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software
Run date: 2011-07-20 14:10:59
-----------------------------
14:10:59.364 OS Version: Windows 6.0.6001 Service Pack 1
14:10:59.365 Number of processors: 2 586 0x6B01
14:10:59.367 ComputerName: MIKE-PC UserName: mike
14:11:34.790 Initialize success
14:11:43.673 AVAST engine defs: 11072001
14:11:53.713 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
14:11:53.719 Disk 0 Vendor: Hitachi_ V54O Size: 305245MB BusType: 6
14:11:53.757 Disk 0 MBR read successfully
14:11:53.761 Disk 0 MBR scan
14:11:53.794 Disk 0 unknown MBR code
14:11:53.799 Disk 0 scanning sectors +625137345
14:11:53.867 Disk 0 scanning C:\Windows\system32\drivers
14:12:16.187 Service scanning
14:12:18.414 Disk 0 trace - called modules:
14:12:18.446 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys ndis.sys nvmfdx32.sys
14:12:18.452 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8883eac8]
14:12:18.456 3 CLASSPNP.SYS[8a7af745] -> nt!IofCallDriver -> [0x8795b158]
14:12:18.460 5 acpi.sys[8540e6a0] -> nt!IofCallDriver -> \Device\00000069[0x879bdb88]
14:12:20.238 AVAST engine scan C:\Windows
14:12:32.846 AVAST engine scan C:\Windows\system32
14:17:25.050 AVAST engine scan C:\Windows\system32\drivers
14:17:49.916 AVAST engine scan C:\Users\mike
15:05:39.260 AVAST engine scan C:\ProgramData
15:15:54.435 Scan finished successfully
10:23:01.329 Disk 0 MBR has been saved successfully to "C:\Users\mike\Desktop\MBR.dat"
10:23:01.361 The log file has been saved successfully to "C:\Users\mike\Desktop\aswMBR.txt"

nauticaice
2011-07-21, 23:24
OTL logfile created on: 7/21/2011 10:33:48 AM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\mike\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 61.41% Memory free
3.99 Gb Paging File | 2.66 Gb Available in Paging File | 66.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.24 Gb Total Space | 80.46 Gb Free Space | 27.82% Space Free | Partition Type: NTFS
Drive D: | 8.85 Gb Total Space | 0.89 Gb Free Space | 10.11% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\mike\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy9152009\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\AOL\1253328587\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\mike\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SymAppCore) -- File not found
SRV - (PLFlash DeviceIoControl Service) -- File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy9152009\SDWinSec.exe (Safer Networking Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (cpuz134) -- C:\Windows\System32\drivers\cpuz134_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (YMIDUSBW) Yamaha USB-MIDI Driver (WDM) -- C:\Windows\System32\drivers\ymidusbw.sys (Yamaha Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (RDID1045) -- C:\Windows\System32\drivers\Rdwm1045.sys (Roland Corporation)
DRV - (mfwamidi) -- C:\Windows\System32\drivers\MFWAMIDI.sys (Mark of the Unicorn)
DRV - (mfwagsif) -- C:\Windows\System32\drivers\mfwagsif.sys (Mark of the Unicorn)
DRV - (MotuFWA) -- C:\Windows\System32\drivers\motufwa.sys (Mark of the Unicorn)
DRV - (mfwawave) -- C:\Windows\System32\drivers\MFWAWave.sys (Mark of the Unicorn)
DRV - (motubus) -- C:\Windows\System32\drivers\motubus.sys (Mark of the Unicorn)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (CLEDX) -- C:\Windows\System32\drivers\cledx.sys (Team H2O)
DRV - (akMPC4kU) -- C:\Windows\System32\drivers\akMPC4kU.sys (AKAI professional M.I. Corp.)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1427494975-2143899584-4123375682-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1427494975-2143899584-4123375682-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1427494975-2143899584-4123375682-1000\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - File not found
IE - HKU\S-1-5-21-1427494975-2143899584-4123375682-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1427494975-2143899584-4123375682-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://heat.infopop.cc/eve/forums/a/frm/f/5700037552"
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}:1.72.0
FF - prefs.js..extensions.enabledItems: {3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/13 09:17:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/07/13 09:12:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/07/13 09:12:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/19 21:02:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/20 12:53:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2011/07/20 13:00:48 | 000,000,000 | ---D | M]

[2009/01/07 16:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions
[2011/07/12 12:11:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\extensions
[2011/07/13 09:19:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/13 09:19:17 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\extensions\vshareus@toolbar
[2011/07/20 13:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/13 09:16:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/20 13:03:05 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) --
[2011/07/19 21:02:49 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/12/10 12:00:05 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2011/05/16 13:01:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/07/27 10:01:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1427494975-2143899584-4123375682-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1427494975-2143899584-4123375682-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [H2O] File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1253328587\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1427494975-2143899584-4123375682-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy9152009\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1427494975-2143899584-4123375682-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1427494975-2143899584-4123375682-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1427494975-2143899584-4123375682-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{21a75414-fb43-11de-834a-00038a000015}\Shell\AutoRun\command - "" = F:\Autorun.exe /run
O33 - MountPoints2\{21a75414-fb43-11de-834a-00038a000015}\Shell\Shell00\Command - "" = F:\Autorun.exe /run
O33 - MountPoints2\{21a75414-fb43-11de-834a-00038a000015}\Shell\Shell01\Command - "" = F:\Autorun.exe /action
O33 - MountPoints2\{21a75414-fb43-11de-834a-00038a000015}\Shell\Shell02\Command - "" = F:\Autorun.exe /uninstall
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1427494975-2143899584-4123375682-1000\...com [@ = comfile] -- Reg Error: Key error. File not found

nauticaice
2011-07-21, 23:25
========== Files/Folders - Created Within 30 Days ==========

[2011/07/20 13:59:21 | 001,913,344 | ---- | C] (AVAST Software) -- C:\Users\mike\Desktop\aswMBR.exe
[2011/07/20 12:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/07/20 12:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/07/20 12:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2010
[2011/07/20 12:56:51 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/07/20 00:37:04 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Adobe
[2011/07/20 00:35:40 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/19 22:44:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/19 22:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/19 22:42:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/19 22:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/19 22:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/07/17 11:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/17 11:12:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/13 13:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/07/13 09:21:14 | 000,000,000 | ---D | C] -- C:\Boot
[2011/07/13 08:25:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/12 19:04:07 | 000,000,000 | ---D | C] -- C:\$UPGRADE.~OS
[2011/07/04 09:16:39 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Threat Expert
[2011/07/04 08:00:52 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Microsoft Corporation
[2011/07/04 07:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/07/03 11:02:53 | 000,000,000 | ---D | C] -- C:\a0b361025e3d44ce46
[2011/06/28 21:57:13 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/28 21:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/27 10:28:47 | 000,000,000 | ---D | C] -- C:\b0b8de39e9875857da
[2011/06/27 10:04:19 | 000,000,000 | ---D | C] -- C:\bb319ffcc615153c4ddb212a
[2011/06/26 08:36:27 | 000,000,000 | ---D | C] -- C:\5a6ad2b718438086fbb0f2
[2011/06/23 11:14:44 | 000,000,000 | -HSD | C] -- C:\found.005
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,226,127 | ---- | M] () -- C:\Users\mike\Documents\00224662.pdf
[2049/12/31 16:00:00 | 000,045,683 | ---- | M] () -- C:\Users\mike\Documents\00224661.pdf
[2011/07/21 10:23:01 | 000,000,512 | ---- | M] () -- C:\Users\mike\Desktop\MBR.dat
[2011/07/21 10:17:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/21 10:13:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 10:13:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 09:59:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/20 14:29:55 | 000,000,242 | -HS- | M] () -- C:\Windows\KLIF.spi
[2011/07/20 14:07:50 | 000,002,419 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk
[2011/07/20 14:06:38 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/20 14:06:12 | 2011,652,096 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/20 14:00:10 | 001,913,344 | ---- | M] (AVAST Software) -- C:\Users\mike\Desktop\aswMBR.exe
[2011/07/20 13:25:05 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/07/20 13:25:00 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011/07/20 13:25:00 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011/07/20 12:53:18 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/20 00:35:40 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/19 22:44:02 | 000,000,932 | ---- | M] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/19 22:44:02 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/19 09:21:38 | 000,003,605 | ---- | M] () -- C:\Users\mike\Desktop\attach.zip
[2011/07/14 17:00:57 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/07/12 22:11:01 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/07/12 20:31:40 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/07/12 20:31:40 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/07/12 19:07:03 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$
[2011/07/12 19:06:24 | 000,003,096 | ---- | M] () -- C:\Users\mike\Desktop\Windows Compatibility Report.htm
[2011/07/12 14:39:33 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/07/12 12:12:54 | 000,000,134 | ---- | M] () -- C:\Users\mike\Desktop\Programs and Features - Shortcut.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/01 10:36:34 | 000,000,049 | ---- | M] () -- C:\Windows\wininit.ini
[2011/06/28 20:10:56 | 002,288,600 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/06/26 09:26:38 | 000,065,536 | ---- | M] () -- C:\Windows\SPInstall.etl
[2011/06/24 03:04:39 | 000,606,352 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/24 03:04:38 | 000,105,056 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/23 11:35:36 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Install_NSS.job
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/21 10:23:01 | 000,000,512 | ---- | C] () -- C:\Users\mike\Desktop\MBR.dat
[2011/07/20 14:29:55 | 000,000,242 | -HS- | C] () -- C:\Windows\KLIF.spi
[2011/07/20 13:02:25 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/07/20 13:02:24 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/07/20 12:53:18 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/20 12:53:18 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/20 12:48:51 | 2011,652,096 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/19 22:44:02 | 000,000,932 | ---- | C] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/19 22:44:02 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/19 09:21:38 | 000,003,605 | ---- | C] () -- C:\Users\mike\Desktop\attach.zip
[2011/07/12 20:28:06 | 000,333,203 | RHS- | C] () -- C:\bootmgr
[2011/07/12 12:12:54 | 000,000,134 | ---- | C] () -- C:\Users\mike\Desktop\Programs and Features - Shortcut.lnk
[2011/07/04 09:42:09 | 000,000,002 | ---- | C] () -- C:\$UpgDrv$
[2011/07/04 09:16:46 | 000,003,096 | ---- | C] () -- C:\Users\mike\Desktop\Windows Compatibility Report.htm
[2011/07/04 09:09:30 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/07/04 09:09:30 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/07/04 07:58:08 | 000,001,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/07/04 07:58:08 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/07/01 10:36:34 | 000,000,049 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/26 09:26:38 | 000,065,536 | ---- | C] () -- C:\Windows\SPInstall.etl
[2010/12/30 11:07:22 | 000,000,067 | ---- | C] () -- C:\Windows\swf2avi.INI
[2010/12/30 11:07:14 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/30 11:07:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/19 15:11:19 | 000,207,088 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/10/23 11:43:52 | 001,022,789 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/04/19 19:32:19 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2010/04/19 19:24:06 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2010/02/10 23:30:51 | 000,000,552 | ---- | C] () -- C:\Users\mike\AppData\Local\d3d8caps.dat
[2010/01/16 18:51:40 | 000,000,680 | ---- | C] () -- C:\Users\mike\AppData\Local\d3d9caps.dat
[2009/10/24 19:25:25 | 000,000,192 | ---- | C] () -- C:\Users\mike\AppData\Roaming\wklnhst.dat
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/07/31 10:45:50 | 000,000,056 | ---- | C] () -- C:\Users\mike\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2009/06/16 09:23:42 | 000,000,000 | ---- | C] () -- C:\Users\mike\AppData\Local\prvlcl.dat
[2009/03/23 01:52:46 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2009/03/23 01:27:32 | 000,747,566 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2008/08/19 03:02:13 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/08/19 03:02:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/07 17:13:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/08 23:20:21 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2008/04/04 16:35:21 | 000,018,790 | ---- | C] () -- C:\Windows\System32\ddmon.dll
[2008/04/02 16:13:05 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/03/26 14:37:35 | 000,007,680 | ---- | C] () -- C:\Windows\System32\RdCi1045.dll
[2008/03/26 14:37:35 | 000,004,088 | ---- | C] () -- C:\Windows\System32\Rd3t1045.DAT
[2008/03/19 00:19:26 | 000,013,281 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2008/03/18 23:24:45 | 000,008,457 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2008/02/26 14:30:51 | 000,000,087 | ---- | C] () -- C:\Users\mike\AppData\Roaming\MOTU FW CueMix Prefs.prefs
[2008/02/20 19:05:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/17 22:43:30 | 002,433,400 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008/01/31 23:08:08 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
[2008/01/30 04:01:29 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/12/18 14:40:18 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2007/12/12 14:50:13 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySAVI2WMV.dat
[2007/12/12 14:50:08 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007/10/18 17:36:54 | 000,061,440 | ---- | C] () -- C:\Windows\System32\deskMenu2.dll
[2007/09/20 03:27:16 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007/09/20 03:27:16 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007/09/20 03:27:16 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007/09/20 03:27:16 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/09/20 03:27:16 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007/09/20 03:27:16 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007/09/20 03:27:16 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/09/20 03:27:16 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007/09/20 03:27:16 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007/09/20 03:27:16 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007/09/20 03:27:16 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007/09/20 03:27:16 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/09/20 03:27:16 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007/09/20 03:27:16 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007/09/20 03:27:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007/09/20 03:27:16 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007/09/20 03:27:16 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2007/09/11 00:11:52 | 000,203,264 | ---- | C] () -- C:\Users\mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/03 20:50:43 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/07/10 12:04:56 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/07/10 11:40:09 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/07/10 11:36:26 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/07/10 11:36:25 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/03/06 01:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 07:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 07:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,445,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,606,352 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,105,056 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/03/07 18:54:16 | 004,628,480 | ---- | C] () -- C:\Windows\System32\smh-qt-mt333.dll
[2004/08/09 15:27:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ddcvt.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/02/14 13:54:49 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\.BitTornado
[2007/09/03 20:52:37 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\acccore
[2011/07/13 09:18:36 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Antares
[2011/05/21 15:13:12 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\AVG10
[2009/03/22 22:29:38 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\BitDefender
[2008/01/11 11:06:15 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Cakewalk
[2011/07/13 09:18:45 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Celemony Software GmbH
[2008/04/04 16:39:44 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\deskPDF
[2011/07/13 09:18:45 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\DriverCure
[2009/08/11 12:30:48 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\EarMaster
[2009/11/19 15:43:59 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\ESET
[2010/12/16 13:24:04 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\FXpansion
[2008/04/02 12:24:41 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\ImgBurn
[2008/04/14 12:20:09 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\KORG
[2011/07/13 09:18:46 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\LimeWire
[2010/12/29 13:51:40 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Local
[2010/12/11 19:57:06 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\NCH Swift Sound
[2010/09/11 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\nyliaqkek
[2011/05/24 09:40:05 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\PC Unleashed Online
[2009/06/30 19:05:28 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Propellerhead Software
[2010/10/23 11:45:32 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\QuickScan
[2007/09/03 11:41:00 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Snapfish
[2009/07/13 12:55:13 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Steinberg
[2011/07/13 09:19:19 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\SuperNZB
[2011/07/13 09:19:19 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Template
[2011/07/13 09:19:19 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\uTorrent
[2008/02/13 23:04:39 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Waves
[2008/02/13 23:03:57 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Waves Audio
[2011/07/13 09:19:19 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Waves Preferences
[2009/09/20 04:06:30 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\WinBatch
[2011/07/13 09:19:19 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Xbins
[2011/06/23 11:35:36 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2011/07/20 13:40:33 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29

< End of report >

nauticaice
2011-07-21, 23:25
awaiting the next task :bigthumb:

ken545
2011-07-22, 03:49
Hi,

Let's do this


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
O33 - MountPoints2\{21a75414-fb43-11de-834a-00038a000015}\Shell\AutoRun\command - "" = F:\Autorun.exe /run
O33 - MountPoints2\{21a75414-fb43-11de-834a-00038a000015}\Shell\Shell00\Command - "" = F:\Autorun.exe /run
O33 - MountPoints2\{21a75414-fb43-11de-834a-00038a000015}\Shell\Shell01\Command - "" = F:\Autorun.exe /action
O33 - MountPoints2\{21a75414-fb43-11de-834a-00038a000015}\Shell\Shell02\Command - "" = F:\Autorun.exe /uninstall

:Services

:Reg

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

nauticaice
2011-07-24, 06:55
Hey, I tried to run the OTL.exe file as instructed and I keep getting an error:

Cannot create file
C:\Windows\System32\drivers\etc\Hosts

ken545
2011-07-24, 13:13
Spybot Search and Destroy may have the hosts file locked. Go to Programs and Features in the Control Panel, uninstall Spybot, and then run the OTL fix again.

nauticaice
2011-07-24, 20:50
Just tried to run the OTL file again. Prior to this I had Kaspersky running; I've since disabled it and now have a different error msg:

Cannot create file

C:\Users\Mike\Downloads\cmd.bat

ken545
2011-07-24, 21:01
Let's try running OTL in Safe Mode

To Enter Safe Mode

Go to Start > Shut off your Computer > Restart
As the computer starts to boot up, tap the F8 key somewhat rapidly;
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safe Mode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it: How to boot into Safe Mode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

nauticaice
2011-07-24, 21:54
I finally ran the code/fix in safe mode; however, I restarted my computer and ran a new fix, therefore losing the scan log that I ran with the fix :oops: SORRY!!

Here's the new log/scan you instructed me to run

OTL logfile created on: 7/24/2011 12:41:54 PM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\mike\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 46.02% Memory free
3.98 Gb Paging File | 2.88 Gb Available in Paging File | 72.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.24 Gb Total Space | 78.16 Gb Free Space | 27.02% Space Free | Partition Type: NTFS
Drive D: | 8.85 Gb Total Space | 0.89 Gb Free Space | 10.11% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\mike\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\AOL\1253328587\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Program Files\MOTU\Audio\MFWAKeys.exe ()
PRC - C:\Program Files\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Users\mike\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SymAppCore) -- File not found
SRV - (PLFlash DeviceIoControl Service) -- File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (cpuz134) -- C:\Windows\System32\drivers\cpuz134_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (YMIDUSBW) Yamaha USB-MIDI Driver (WDM) -- C:\Windows\System32\drivers\ymidusbw.sys (Yamaha Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (RDID1045) -- C:\Windows\System32\drivers\Rdwm1045.sys (Roland Corporation)
DRV - (mfwamidi) -- C:\Windows\System32\drivers\MFWAMIDI.sys (Mark of the Unicorn)
DRV - (mfwagsif) -- C:\Windows\System32\drivers\mfwagsif.sys (Mark of the Unicorn)
DRV - (MotuFWA) -- C:\Windows\System32\drivers\motufwa.sys (Mark of the Unicorn)
DRV - (mfwawave) -- C:\Windows\System32\drivers\MFWAWave.sys (Mark of the Unicorn)
DRV - (motubus) -- C:\Windows\System32\drivers\motubus.sys (Mark of the Unicorn)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (CLEDX) -- C:\Windows\System32\drivers\cledx.sys (Team H2O)
DRV - (akMPC4kU) -- C:\Windows\System32\drivers\akMPC4kU.sys (AKAI professional M.I. Corp.)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://heat.infopop.cc/eve/forums/a/frm/f/5700037552"
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}:1.72.0
FF - prefs.js..extensions.enabledItems: {3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/13 09:17:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/07/13 09:12:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/07/13 09:12:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/19 21:02:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/20 12:53:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2011/07/20 13:00:48 | 000,000,000 | ---D | M]

[2009/01/07 16:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions
[2011/07/12 12:11:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\extensions
[2011/07/13 09:19:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/13 09:19:17 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\extensions\vshareus@toolbar
[2011/07/20 13:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/13 09:16:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/20 13:03:05 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) --
[2011/07/19 21:02:49 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/12/10 12:00:05 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2011/05/16 13:01:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/24 12:15:04 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [H2O] File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1253328587\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found

nauticaice
2011-07-24, 21:54
========== Files/Folders - Created Within 30 Days ==========

[2011/07/21 19:24:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/20 13:59:21 | 001,913,344 | ---- | C] (AVAST Software) -- C:\Users\mike\Desktop\aswMBR.exe
[2011/07/20 12:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/07/20 12:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/07/20 12:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2010
[2011/07/20 12:56:51 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/07/20 00:37:04 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Adobe
[2011/07/20 00:35:40 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/19 22:44:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/19 22:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/19 22:42:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/19 22:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/19 22:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/07/17 11:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/17 11:12:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/13 13:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/07/13 09:21:14 | 000,000,000 | ---D | C] -- C:\Boot
[2011/07/13 08:25:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/12 19:04:07 | 000,000,000 | ---D | C] -- C:\$UPGRADE.~OS
[2011/07/04 09:16:39 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Threat Expert
[2011/07/04 08:00:52 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Microsoft Corporation
[2011/07/04 07:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/07/03 11:02:53 | 000,000,000 | ---D | C] -- C:\a0b361025e3d44ce46
[2011/06/28 21:57:13 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/28 21:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/27 10:28:47 | 000,000,000 | ---D | C] -- C:\b0b8de39e9875857da
[2011/06/27 10:04:19 | 000,000,000 | ---D | C] -- C:\bb319ffcc615153c4ddb212a
[2011/06/26 08:36:27 | 000,000,000 | ---D | C] -- C:\5a6ad2b718438086fbb0f2

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,226,127 | ---- | M] () -- C:\Users\mike\Documents\00224662.pdf
[2049/12/31 16:00:00 | 000,045,683 | ---- | M] () -- C:\Users\mike\Documents\00224661.pdf
[2011/07/24 12:40:52 | 000,606,352 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/24 12:40:52 | 000,105,056 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/24 12:37:53 | 000,002,419 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk
[2011/07/24 12:36:53 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/24 12:36:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/24 12:36:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/24 12:36:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/24 12:36:27 | 2009,575,424 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/24 12:15:04 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/07/24 11:59:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/23 19:41:35 | 000,049,393 | ---- | M] () -- C:\Users\mike\Desktop\519WZwMn6gL._SS500_.jpg
[2011/07/21 10:23:01 | 000,000,512 | ---- | M] () -- C:\Users\mike\Desktop\MBR.dat
[2011/07/20 14:00:10 | 001,913,344 | ---- | M] (AVAST Software) -- C:\Users\mike\Desktop\aswMBR.exe
[2011/07/20 13:25:05 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/07/20 13:25:00 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011/07/20 13:25:00 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011/07/20 12:53:18 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/20 00:35:40 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/19 22:44:02 | 000,000,932 | ---- | M] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/19 22:44:02 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/19 09:21:38 | 000,003,605 | ---- | M] () -- C:\Users\mike\Desktop\attach.zip
[2011/07/14 17:00:57 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/07/12 22:11:01 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/07/12 20:31:40 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/07/12 20:31:40 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/07/12 19:07:03 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$
[2011/07/12 19:06:24 | 000,003,096 | ---- | M] () -- C:\Users\mike\Desktop\Windows Compatibility Report.htm
[2011/07/12 14:39:33 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/07/12 12:12:54 | 000,000,134 | ---- | M] () -- C:\Users\mike\Desktop\Programs and Features - Shortcut.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/01 10:36:34 | 000,000,049 | ---- | M] () -- C:\Windows\wininit.ini
[2011/06/28 20:10:56 | 002,288,600 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/06/26 09:26:38 | 000,065,536 | ---- | M] () -- C:\Windows\SPInstall.etl

========== Files Created - No Company Name ==========

[2011/07/24 12:36:27 | 2009,575,424 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/23 19:41:41 | 000,049,393 | ---- | C] () -- C:\Users\mike\Desktop\519WZwMn6gL._SS500_.jpg
[2011/07/21 10:23:01 | 000,000,512 | ---- | C] () -- C:\Users\mike\Desktop\MBR.dat
[2011/07/20 13:02:25 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/07/20 13:02:24 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/07/20 12:53:18 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/20 12:53:18 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/19 22:44:02 | 000,000,932 | ---- | C] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/19 22:44:02 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/19 09:21:38 | 000,003,605 | ---- | C] () -- C:\Users\mike\Desktop\attach.zip
[2011/07/12 20:28:06 | 000,333,203 | RHS- | C] () -- C:\bootmgr
[2011/07/12 12:12:54 | 000,000,134 | ---- | C] () -- C:\Users\mike\Desktop\Programs and Features - Shortcut.lnk
[2011/07/04 09:42:09 | 000,000,002 | ---- | C] () -- C:\$UpgDrv$
[2011/07/04 09:16:46 | 000,003,096 | ---- | C] () -- C:\Users\mike\Desktop\Windows Compatibility Report.htm
[2011/07/04 09:09:30 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/07/04 09:09:30 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/07/04 07:58:08 | 000,001,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/07/04 07:58:08 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/07/01 10:36:34 | 000,000,049 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/26 09:26:38 | 000,065,536 | ---- | C] () -- C:\Windows\SPInstall.etl
[2010/12/30 11:07:22 | 000,000,067 | ---- | C] () -- C:\Windows\swf2avi.INI
[2010/12/30 11:07:14 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/30 11:07:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/19 15:11:19 | 000,207,088 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/10/23 11:43:52 | 001,022,789 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/04/19 19:32:19 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2010/04/19 19:24:06 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2010/02/10 23:30:51 | 000,000,552 | ---- | C] () -- C:\Users\mike\AppData\Local\d3d8caps.dat
[2010/01/16 18:51:40 | 000,000,680 | ---- | C] () -- C:\Users\mike\AppData\Local\d3d9caps.dat
[2009/10/24 19:25:25 | 000,000,192 | ---- | C] () -- C:\Users\mike\AppData\Roaming\wklnhst.dat
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/07/31 10:45:50 | 000,000,056 | ---- | C] () -- C:\Users\mike\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2009/06/16 09:23:42 | 000,000,000 | ---- | C] () -- C:\Users\mike\AppData\Local\prvlcl.dat
[2009/03/23 01:52:46 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2009/03/23 01:27:32 | 000,747,566 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2008/08/19 03:02:13 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/08/19 03:02:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/07 17:13:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/08 23:20:21 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2008/04/04 16:35:21 | 000,018,790 | ---- | C] () -- C:\Windows\System32\ddmon.dll
[2008/04/02 16:13:05 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/03/26 14:37:35 | 000,007,680 | ---- | C] () -- C:\Windows\System32\RdCi1045.dll
[2008/03/26 14:37:35 | 000,004,088 | ---- | C] () -- C:\Windows\System32\Rd3t1045.DAT
[2008/03/19 00:19:26 | 000,013,281 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2008/03/18 23:24:45 | 000,008,457 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2008/02/26 14:30:51 | 000,000,087 | ---- | C] () -- C:\Users\mike\AppData\Roaming\MOTU FW CueMix Prefs.prefs
[2008/02/20 19:05:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/17 22:43:30 | 002,433,400 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008/01/31 23:08:08 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
[2008/01/30 04:01:29 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/12/18 14:40:18 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2007/12/12 14:50:13 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySAVI2WMV.dat
[2007/12/12 14:50:08 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007/10/18 17:36:54 | 000,061,440 | ---- | C] () -- C:\Windows\System32\deskMenu2.dll
[2007/09/20 03:27:16 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007/09/20 03:27:16 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007/09/20 03:27:16 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007/09/20 03:27:16 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/09/20 03:27:16 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007/09/20 03:27:16 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007/09/20 03:27:16 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/09/20 03:27:16 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007/09/20 03:27:16 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007/09/20 03:27:16 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007/09/20 03:27:16 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007/09/20 03:27:16 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/09/20 03:27:16 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007/09/20 03:27:16 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007/09/20 03:27:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007/09/20 03:27:16 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007/09/20 03:27:16 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2007/09/11 00:11:52 | 000,203,264 | ---- | C] () -- C:\Users\mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/03 20:50:43 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/07/10 12:04:56 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/07/10 11:40:09 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/07/10 11:36:26 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/07/10 11:36:25 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/03/06 01:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 07:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 07:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,445,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,606,352 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,105,056 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/03/07 18:54:16 | 004,628,480 | ---- | C] () -- C:\Windows\System32\smh-qt-mt333.dll
[2004/08/09 15:27:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ddcvt.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29

< End of report >

ken545
2011-07-24, 23:34
Looks like it removed what it was supposed to.

We need to remove this one also, unless you set up a proxy server yourself:
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

Let me know before we remove it.

nauticaice
2011-07-25, 00:52
Nooooo, I do not. I'd most definitely appreciate it greatly if we remove it :clown::bigthumb:

ken545
2011-07-25, 02:52
Let's try an OTL fix again. After the fix, let me know how things are running now.


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered; reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

nauticaice
2011-07-25, 06:48
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\mike\Downloads\cmd.bat deleted successfully.
C:\Users\mike\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mike
->Temp folder emptied: 34809 bytes
->Temporary Internet Files folder emptied: 77348 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 289381685 bytes
->Flash cache emptied: 8417 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 276.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 07242011_213759

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

nauticaice
2011-07-25, 06:59
OTL logfile created on: 7/24/2011 9:51:56 PM - Run 6
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\mike\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 50.40% Memory free
3.99 Gb Paging File | 2.89 Gb Available in Paging File | 72.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.24 Gb Total Space | 78.01 Gb Free Space | 26.97% Space Free | Partition Type: NTFS
Drive D: | 8.85 Gb Total Space | 0.89 Gb Free Space | 10.11% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\mike\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\AOL\1253328587\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Program Files\MOTU\Audio\MFWAKeys.exe ()
PRC - C:\Program Files\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Users\mike\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SymAppCore) -- File not found
SRV - (PLFlash DeviceIoControl Service) -- File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (cpuz134) -- C:\Windows\System32\drivers\cpuz134_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (YMIDUSBW) Yamaha USB-MIDI Driver (WDM) -- C:\Windows\System32\drivers\ymidusbw.sys (Yamaha Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (RDID1045) -- C:\Windows\System32\drivers\Rdwm1045.sys (Roland Corporation)
DRV - (mfwamidi) -- C:\Windows\System32\drivers\MFWAMIDI.sys (Mark of the Unicorn)
DRV - (mfwagsif) -- C:\Windows\System32\drivers\mfwagsif.sys (Mark of the Unicorn)
DRV - (MotuFWA) -- C:\Windows\System32\drivers\motufwa.sys (Mark of the Unicorn)
DRV - (mfwawave) -- C:\Windows\System32\drivers\MFWAWave.sys (Mark of the Unicorn)
DRV - (motubus) -- C:\Windows\System32\drivers\motubus.sys (Mark of the Unicorn)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (CLEDX) -- C:\Windows\System32\drivers\cledx.sys (Team H2O)
DRV - (akMPC4kU) -- C:\Windows\System32\drivers\akMPC4kU.sys (AKAI professional M.I. Corp.)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://heat.infopop.cc/eve/forums/a/frm/f/5700037552"
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}:1.72.0
FF - prefs.js..extensions.enabledItems: {3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/13 09:17:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/07/13 09:12:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/07/13 09:12:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/19 21:02:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/20 12:53:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2011/07/20 13:00:48 | 000,000,000 | ---D | M]

[2009/01/07 16:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions
[2011/07/12 12:11:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\extensions
[2011/07/13 09:19:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/13 09:19:17 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\extensions\vshareus@toolbar
[2011/07/20 13:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/13 09:16:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/20 13:03:05 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) --
[2011/07/19 21:02:49 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/12/10 12:00:05 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2011/05/16 13:01:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/24 21:38:11 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [H2O] File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1253328587\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found

nauticaice
2011-07-25, 07:00
========== Files/Folders - Created Within 30 Days ==========

[2011/07/21 19:24:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/20 13:59:21 | 001,913,344 | ---- | C] (AVAST Software) -- C:\Users\mike\Desktop\aswMBR.exe
[2011/07/20 12:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/07/20 12:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/07/20 12:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2010
[2011/07/20 12:56:51 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/07/20 00:37:04 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Adobe
[2011/07/20 00:35:40 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/19 22:44:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/19 22:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/19 22:42:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/19 22:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/19 22:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/07/17 11:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/17 11:12:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/13 13:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/07/13 09:21:14 | 000,000,000 | ---D | C] -- C:\Boot
[2011/07/13 08:25:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/12 19:04:07 | 000,000,000 | ---D | C] -- C:\$UPGRADE.~OS
[2011/07/04 09:16:39 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Threat Expert
[2011/07/04 08:00:52 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Microsoft Corporation
[2011/07/04 07:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/07/03 11:02:53 | 000,000,000 | ---D | C] -- C:\a0b361025e3d44ce46
[2011/06/28 21:57:13 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/28 21:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/27 10:28:47 | 000,000,000 | ---D | C] -- C:\b0b8de39e9875857da
[2011/06/27 10:04:19 | 000,000,000 | ---D | C] -- C:\bb319ffcc615153c4ddb212a
[2011/06/26 08:36:27 | 000,000,000 | ---D | C] -- C:\5a6ad2b718438086fbb0f2

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,226,127 | ---- | M] () -- C:\Users\mike\Documents\00224662.pdf
[2049/12/31 16:00:00 | 000,045,683 | ---- | M] () -- C:\Users\mike\Documents\00224661.pdf
[2011/07/24 21:42:54 | 000,002,419 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk
[2011/07/24 21:41:35 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/24 21:40:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/24 21:40:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/24 21:40:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/24 21:40:17 | 2011,652,096 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/24 21:38:11 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/07/24 20:59:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/24 12:40:52 | 000,606,352 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/24 12:40:52 | 000,105,056 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/23 19:41:35 | 000,049,393 | ---- | M] () -- C:\Users\mike\Desktop\519WZwMn6gL._SS500_.jpg
[2011/07/21 10:23:01 | 000,000,512 | ---- | M] () -- C:\Users\mike\Desktop\MBR.dat
[2011/07/20 14:00:10 | 001,913,344 | ---- | M] (AVAST Software) -- C:\Users\mike\Desktop\aswMBR.exe
[2011/07/20 13:25:05 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/07/20 13:25:00 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011/07/20 13:25:00 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011/07/20 12:53:18 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/20 00:35:40 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/19 22:44:02 | 000,000,932 | ---- | M] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/19 22:44:02 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/19 09:21:38 | 000,003,605 | ---- | M] () -- C:\Users\mike\Desktop\attach.zip
[2011/07/14 17:00:57 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/07/12 22:11:01 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/07/12 20:31:40 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/07/12 20:31:40 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/07/12 19:07:03 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$
[2011/07/12 12:12:54 | 000,000,134 | ---- | M] () -- C:\Users\mike\Desktop\Programs and Features - Shortcut.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/01 10:36:34 | 000,000,049 | ---- | M] () -- C:\Windows\wininit.ini
[2011/06/28 20:10:56 | 002,288,600 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/06/26 09:26:38 | 000,065,536 | ---- | M] () -- C:\Windows\SPInstall.etl

========== Files Created - No Company Name ==========

[2011/07/24 12:36:27 | 2011,652,096 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/23 19:41:41 | 000,049,393 | ---- | C] () -- C:\Users\mike\Desktop\519WZwMn6gL._SS500_.jpg
[2011/07/21 10:23:01 | 000,000,512 | ---- | C] () -- C:\Users\mike\Desktop\MBR.dat
[2011/07/20 13:02:25 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/07/20 13:02:24 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/07/20 12:53:18 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/20 12:53:18 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/19 22:44:02 | 000,000,932 | ---- | C] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/19 22:44:02 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/19 09:21:38 | 000,003,605 | ---- | C] () -- C:\Users\mike\Desktop\attach.zip
[2011/07/12 20:28:06 | 000,333,203 | RHS- | C] () -- C:\bootmgr
[2011/07/12 12:12:54 | 000,000,134 | ---- | C] () -- C:\Users\mike\Desktop\Programs and Features - Shortcut.lnk
[2011/07/04 09:42:09 | 000,000,002 | ---- | C] () -- C:\$UpgDrv$
[2011/07/04 09:09:30 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/07/04 09:09:30 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/07/04 07:58:08 | 000,001,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/07/01 10:36:34 | 000,000,049 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/26 09:26:38 | 000,065,536 | ---- | C] () -- C:\Windows\SPInstall.etl
[2010/12/30 11:07:22 | 000,000,067 | ---- | C] () -- C:\Windows\swf2avi.INI
[2010/12/30 11:07:14 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/30 11:07:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/19 15:11:19 | 000,207,088 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/10/23 11:43:52 | 001,022,789 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/04/19 19:32:19 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2010/04/19 19:24:06 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2010/02/10 23:30:51 | 000,000,552 | ---- | C] () -- C:\Users\mike\AppData\Local\d3d8caps.dat
[2010/01/16 18:51:40 | 000,000,680 | ---- | C] () -- C:\Users\mike\AppData\Local\d3d9caps.dat
[2009/10/24 19:25:25 | 000,000,192 | ---- | C] () -- C:\Users\mike\AppData\Roaming\wklnhst.dat
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/07/31 10:45:50 | 000,000,056 | ---- | C] () -- C:\Users\mike\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2009/06/16 09:23:42 | 000,000,000 | ---- | C] () -- C:\Users\mike\AppData\Local\prvlcl.dat
[2009/03/23 01:52:46 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2009/03/23 01:27:32 | 000,747,566 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2008/08/19 03:02:13 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/08/19 03:02:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/07 17:13:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/08 23:20:21 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2008/04/04 16:35:21 | 000,018,790 | ---- | C] () -- C:\Windows\System32\ddmon.dll
[2008/04/02 16:13:05 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/03/26 14:37:35 | 000,007,680 | ---- | C] () -- C:\Windows\System32\RdCi1045.dll
[2008/03/26 14:37:35 | 000,004,088 | ---- | C] () -- C:\Windows\System32\Rd3t1045.DAT
[2008/03/19 00:19:26 | 000,013,281 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2008/03/18 23:24:45 | 000,008,457 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2008/02/26 14:30:51 | 000,000,087 | ---- | C] () -- C:\Users\mike\AppData\Roaming\MOTU FW CueMix Prefs.prefs
[2008/02/20 19:05:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/17 22:43:30 | 002,433,400 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008/01/31 23:08:08 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
[2008/01/30 04:01:29 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/12/18 14:40:18 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2007/12/12 14:50:13 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySAVI2WMV.dat
[2007/12/12 14:50:08 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007/10/18 17:36:54 | 000,061,440 | ---- | C] () -- C:\Windows\System32\deskMenu2.dll
[2007/09/20 03:27:16 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007/09/20 03:27:16 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007/09/20 03:27:16 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007/09/20 03:27:16 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/09/20 03:27:16 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007/09/20 03:27:16 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007/09/20 03:27:16 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/09/20 03:27:16 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007/09/20 03:27:16 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007/09/20 03:27:16 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007/09/20 03:27:16 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007/09/20 03:27:16 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/09/20 03:27:16 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007/09/20 03:27:16 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007/09/20 03:27:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007/09/20 03:27:16 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007/09/20 03:27:16 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2007/09/11 00:11:52 | 000,203,264 | ---- | C] () -- C:\Users\mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/03 20:50:43 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/07/10 12:04:56 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/07/10 11:40:09 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/07/10 11:36:26 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/07/10 11:36:25 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/03/06 01:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 07:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 07:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,445,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,606,352 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,105,056 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/03/07 18:54:16 | 004,628,480 | ---- | C] () -- C:\Windows\System32\smh-qt-mt333.dll
[2004/08/09 15:27:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ddcvt.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29

< End of report >

ken545
2011-07-25, 10:00
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.


Let me know how things are running now?

nauticaice
2011-07-25, 17:35
here are the online eset scan results as requested, check it out.



C:\Users\mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\aa21c59-7d24a394 multiple threats
C:\Users\mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\3e85f8e5-707e2557 a variant of Java/TrojanDownloader.OpenStream.NBF trojan
C:\Users\mike\Documents\CAMEL SPACE\a-csp142.zip a variant of Win32/Keygen.AD application
C:\Users\mike\Documents\CAMEL SPACE\keygen.exe a variant of Win32/Keygen.AD application
C:\Users\mike\Documents\Camel.Audio.CamelSpace.VST.v1.42.incl.Keygen-AiR\a-csp142.zip a variant of Win32/Keygen.AD application
C:\Users\mike\Documents\IZotope.Trash.VST.DX.AS.RTAS.HTDM.v1.13.incl.Keygen-AiR\a-it113a.zip a variant of Win32/Keygen.AD application
C:\Users\mike\Documents\IZotope.Trash.VST.DX.AS.RTAS.HTDM.v1.13.incl.Keygen-AiR\a-it113a\a-it113.rar a variant of Win32/Keygen.AD application
C:\Users\mike\Documents\IZotope.Trash.VST.DX.AS.RTAS.HTDM.v1.13.incl.Keygen-AiR\a-it113a\a-it113\keygen.exe a variant of Win32/Keygen.AD application
C:\Users\mike\Downloads\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application
C:\Users\mike\Downloads\Sony Vegas 32bit.zip multiple threats

ken545
2011-07-25, 18:24
Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Double-click CKScanner.exe, then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

nauticaice
2011-07-25, 18:35
here is my ckfiles log as requested:




CKScanner - Additional Security Risks - These are not necessarily bad
c:\cakewalk projects\more crack.cwp
c:\cakewalk projects\crackhousesessionssz\crackhousesessionssz.cwb
c:\cakewalk projects\crackhousesessionssz\crackhousesessionssz.cwp
c:\cakewalk projects\crackmuzik\crackmuzik bt mx.cwp
c:\cakewalk projects\crackmuzik\crackmuzik.cwp
c:\cakewalk projects\picture cache\crackhousesessionssz--entire-mix--mix--281--1ca851f202e6f26.wov
c:\cakewalk projects\picture cache\crackhousesessionssz--entire-mix--mix--281--1ca851f202e6f26.wtr
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-1--rec--103--1ca7311f1f20d86.wov
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-1--rec--103--1ca7311f1f20d86.wtr
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-1--rec--107--1ca73120f8a7fd6.wov
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-1--rec--107--1ca73120f8a7fd6.wtr
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-1--rec--111--1ca73126a15ab06.wov
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-1--rec--111--1ca73126a15ab06.wtr
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-1--rec--115--1ca7312aedb9066.wov
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-1--rec--115--1ca7312aedb9066.wtr
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-1--rec--119--1ca7312e6658d16.wov
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-1--rec--119--1ca7312e6658d16.wtr
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-1--rec--123--1ca7312f9bdf196.wov
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-1--rec--123--1ca7312f9bdf196.wtr
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-1--rec--127--1ca731316a56366.wov
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-1--rec--127--1ca731316a56366.wtr
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-1--rec--131--1ca7313ba383c56.wov
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-1--rec--131--1ca7313ba383c56.wtr
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-2--rec--104--1ca7311f1f40956.wov
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-2--rec--104--1ca7311f1f40956.wtr
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-2--rec--108--1ca73120f926f16.wov
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-2--rec--108--1ca73120f926f16.wtr
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-2--rec--112--1ca73126a1eabb6.wov
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-2--rec--112--1ca73126a1eabb6.wtr
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-2--rec--116--1ca7312aefbe9a6.wov
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-2--rec--116--1ca7312aefbe9a6.wtr
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-2--rec--120--1ca7312e687e226.wov
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-2--rec--120--1ca7312e687e226.wtr
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-2--rec--124--1ca7312f9c98a56.wov
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-2--rec--124--1ca7312f9c98a56.wtr
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-2--rec--128--1ca731316b14a46.wov
c:\cakewalk projects\picture cache\crackhousesessionssz--fantom-2--rec--128--1ca731316b14a46.wtr
c:\program files\fxpansion\cypher\presets\patchen\dr cracker.cypher
c:\program files\fxpansion\fusor\devices\presets\bitcrusher\cracked 2 bit hp.fxpreset
c:\program files\fxpansion\strobe\presets\patchen\ba clackity crackity.strobe
c:\program files\hp games\bejeweled 2 deluxe\sounds\firecrackle.ogg
c:\program files\hp games\blasterball 3\data\art\bitmaps\enemies\boss2_crack.jpg.wkz
c:\program files\hp games\jewel quest\audio\st_win3_crackle.ogg
c:\program files\hp games\mah jong quest\images\tile_firecracker-1.pnge
c:\program files\hp games\mah jong quest\images\tile_firecracker-2.pnge
c:\program files\hp games\mah jong quest\images\tile_firecracker-3.pnge
c:\program files\hp games\mah jong quest\images\tile_firecracker1.pnge
c:\program files\hp games\mah jong quest\images\kwazi3\level5-1cracktop.jpge
c:\program files\hp games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack1.jpge
c:\program files\hp games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack2.jpge
c:\program files\hp games\phoenix assault\data\full\art\actors\resources\asteroid3cracks.wsbm
c:\program files\image-line\hardcore\presets\i cracked my tube!.hdprg
c:\program files\waves\plug-ins\xcrackle.dll
c:\program files\waves\plug-ins\documents\xcrackle.pdf
c:\users\mike\desktop\new folder\akaimpc4000 projectz\try it againnnnnnnnnnnnnn\new folder\new folder\morecrack\all_seq_song1.all
c:\users\mike\desktop\new folder\akaimpc4000 projectz\try it againnnnnnnnnnnnnn\new folder\new folder\morecrack\multi 1.akm
c:\users\mike\desktop\new folder\akaimpc4000 projectz\try it againnnnnnnnnnnnnn\new folder\new folder\morecrack\program 1.akp
c:\users\mike\desktop\new folder\old comp notes\propellerheads.recycle.v2.1.incl.keygen-h2o_02.07.2004_(original).zip
c:\users\mike\documents\camel.audio.camelspace.vst.v1.42.incl.keygen-air.torrent
c:\users\mike\documents\camel space\keygen.exe
c:\users\mike\documents\camel.audio.camelspace.vst.v1.42.incl.keygen-air\a-csp142.zip
c:\users\mike\documents\camel.audio.camelspace.vst.v1.42.incl.keygen-air\air.nfo
c:\users\mike\documents\celemony.melodyne.plugin_vst.rtas.v102_incl_keygen-a.i.r\air.nfo
c:\users\mike\documents\celemony.melodyne.plugin_vst.rtas.v102_incl_keygen-a.i.r\rel_notes_plugin_1.0.2.pdf
c:\users\mike\documents\izotope.trash.vst.dx.as.rtas.htdm.v1.13.incl.keygen-air\a-it113a.zip
c:\users\mike\documents\izotope.trash.vst.dx.as.rtas.htdm.v1.13.incl.keygen-air\a-it113b.zip
c:\users\mike\documents\izotope.trash.vst.dx.as.rtas.htdm.v1.13.incl.keygen-air\a-it113c.zip
c:\users\mike\documents\izotope.trash.vst.dx.as.rtas.htdm.v1.13.incl.keygen-air\a-it113d.zip
c:\users\mike\documents\izotope.trash.vst.dx.as.rtas.htdm.v1.13.incl.keygen-air\a-it113e.zip
c:\users\mike\documents\izotope.trash.vst.dx.as.rtas.htdm.v1.13.incl.keygen-air\air.nfo
c:\users\mike\documents\izotope.trash.vst.dx.as.rtas.htdm.v1.13.incl.keygen-air\file_id.diz
c:\users\mike\documents\izotope.trash.vst.dx.as.rtas.htdm.v1.13.incl.keygen-air\a-it113a\a-it113.r00
c:\users\mike\documents\izotope.trash.vst.dx.as.rtas.htdm.v1.13.incl.keygen-air\a-it113a\a-it113.r01
c:\users\mike\documents\izotope.trash.vst.dx.as.rtas.htdm.v1.13.incl.keygen-air\a-it113a\a-it113.r02
c:\users\mike\documents\izotope.trash.vst.dx.as.rtas.htdm.v1.13.incl.keygen-air\a-it113a\a-it113.r03
c:\users\mike\documents\izotope.trash.vst.dx.as.rtas.htdm.v1.13.incl.keygen-air\a-it113a\a-it113.rar
c:\users\mike\documents\izotope.trash.vst.dx.as.rtas.htdm.v1.13.incl.keygen-air\a-it113a\file_id.diz
c:\users\mike\documents\izotope.trash.vst.dx.as.rtas.htdm.v1.13.incl.keygen-air\a-it113a\a-it113\keygen.exe
c:\users\mike\documents\izotope.trash.vst.dx.as.rtas.htdm.v1.13.incl.keygen-air\a-it113a\a-it113\setup.exe
c:\users\mike\documents\nero 8 ultra edition + 2 keygens\another plugin serials.txt
c:\users\mike\documents\nero 8 ultra edition + 2 keygens\important!.txt
c:\users\mike\documents\nero 8 ultra edition + 2 keygens\nero.8.ultra.serials.txt
c:\users\mike\documents\nero 8 ultra edition + 2 keygens\plugins serial.txt
c:\users\mike\documents\propellerheads.recycle.v2.1.incl.keygen-h2o_02.07.2004_(original)\propellerheads.recycle.v2.1.incl.keygen-h2o 02.07.2004 (original)\h-rec21a.zip
c:\users\mike\documents\propellerheads.recycle.v2.1.incl.keygen-h2o_02.07.2004_(original)\propellerheads.recycle.v2.1.incl.keygen-h2o 02.07.2004 (original)\h-rec21b.zip
c:\users\mike\documents\propellerheads.recycle.v2.1.incl.keygen-h2o_02.07.2004_(original)\propellerheads.recycle.v2.1.incl.keygen-h2o 02.07.2004 (original)\h-rec21c.zip
c:\users\mike\documents\propellerheads.recycle.v2.1.incl.keygen-h2o_02.07.2004_(original)\propellerheads.recycle.v2.1.incl.keygen-h2o 02.07.2004 (original)\h-rec21d.zip
c:\users\mike\documents\proppelerhead recycle\keygen.exe
c:\users\mike\downloads\70meteora\crackedsoftwares.com.url
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\peace-out.nfo
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32.r00
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32.r01
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32.r02
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32.rar
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32.sfv
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32\absynth 5 v5.0.0.829\absynth 5.dll
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32\absynth 5 v5.0.0.829\absynth 5.exe
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32\battery 3 v3.0.5.23\battery 3.dll
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32\battery 3 v3.0.5.23\battery 3.exe
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32\fm8 v1.0.4.879\fm8.dll
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32\fm8 v1.0.4.879\fm8.exe
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32\guitar rig 4 pro v4.0.7.960\guitar rig 4.dll
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32\guitar rig 4 pro v4.0.7.960\guitar rig 4.exe
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32\kontakt 4 v4.0.0.2475\kontakt 4.dll
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32\kontakt 4 v4.0.0.2475\kontakt 4.exe
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32\massive v1.1.4.1901\massive.dll
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32\massive v1.1.4.1901\massive.exe
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32\reaktor 5 v5.1.5.2\reaktor5.dll
c:\users\mike\downloads\native.instruments.komplete.6.full.crack.x32-peace-out\pokmpc32\reaktor 5 v5.1.5.2\reaktor5.exe
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1802.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1803.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1804.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1805.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1806.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1807.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1808.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1809.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1810.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1811.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1812.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1813.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1814.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1815.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1816.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1817.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1818.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1819.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1820.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1821.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1822.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1823.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1824.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1825.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1826.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1827.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1828.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1829.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1830.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1831.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1832.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1833.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1834.zip
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\air.nfo
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r00
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r01
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r02
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r03
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r04
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r05
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r06
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r07
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r08
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r09
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r10
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r11
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r12
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r13
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r14
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r15
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r16
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r17
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r18
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r19
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r20
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r21
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r22
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r23
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r24
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r25
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r26
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r27
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r28
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r29
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r30
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r31
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.r32
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185.rar
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\air.nfo
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\file_id.diz
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185\rob_papen_blue_v1.x_keygen.exe
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185\rtas\blue_rtas_1_8_5d_installer.exe
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185\x64\blue_1_8_5d_64bits_installer.exe
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185\x64\blue_1_8_5d_64bits_multicore_installer.exe
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185\x86\blue_1_8_5d_installer.exe
c:\users\mike\downloads\rob.papen.blue.vsti.rtas.v1.8.5d.x86.x64.incl.keygen-air\a-rb1801\a-rb185\x86\blue_1_8_5d_multicore_installer.exe
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1002.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1003.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1004.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1005.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1006.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1007.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1008.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1009.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1010.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1011.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1012.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1013.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1014.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1015.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1016.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1017.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1018.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1019.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1020.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1021.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1022.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1023.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1024.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1025.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1026.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1027.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1028.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1029.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1030.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1031.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1032.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1033.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1034.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1035.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1036.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1037.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1038.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1039.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1040.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1041.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1042.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1043.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1044.zip
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\air.nfo
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r00
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r01
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r02
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r03
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r04
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r05
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r06
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r07
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r08
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r09
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r10
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r11
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r12
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r13
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r14
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r15
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r16
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r17
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r18
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r19
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r20
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r21
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r22
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r23
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r24
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r25
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r26
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r27
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r28
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r29
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r30
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r31
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r32
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r33
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r34
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r35
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r36
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r37
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r38
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r39
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r40
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r41
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.r42
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103.rar
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\air.nfo
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\file_id.diz
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103\sub boom bass 4dubb\rob_papen_subboombass_v1.x_keygen.exe
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103\sub boom bass 4dubb\rtas\subboombass_rtas_1_0_3c_installer.exe
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103\sub boom bass 4dubb\x64\subboombass_1_0_3c_64bits_installer.exe
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103\sub boom bass 4dubb\x64\subboombass_1_0_3c_64bits_multicore_installer.exe
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103\sub boom bass 4dubb\x86\subboombass_1_0_3c_installer.exe
c:\users\mike\downloads\rob.papen.subboombass.vsti.rtas.v1.0.3c.x86.x64.incl.keygen-air\a-rs1001\a-rs103\sub boom bass 4dubb\x86\subboombass_1_0_3c_multicore_installer.exe
c:\users\mike\downloads\spectrasonics.trilian.vsti.au.rtas.pc.mac.dvdr.d1-airiso\air-stbmdvd1\keygen.exe
c:\users\mike\downloads\spectrasonics.trilian.vsti.au.rtas.pc.mac.dvdr.d1-airiso\air-stbmdvd1\crack\trilian 1.1.4c mac patched.zip
c:\users\mike\videos\realplayer downloads\dwayne johnson on why not to buy cars from crackheads .meta
c:\users\mike\videos\realplayer downloads\dwayne johnson on why not to buy cars from crackheads .mov
scanner sequence 3.ZZ.11.CNAPFL
----- EOF -----

ken545
2011-07-25, 18:47
Looks like you're downloading music from P2P (file sharing); some may be illegal.

nauticaice
2011-07-25, 22:24
Sorry, must be my younger brother.

ken545
2011-07-25, 23:56
Whatever, you or someone who you authorized to use your computer is downloading illegal stuff, and it's against our policy to help people with illegal software. Downloading through the torrents or from cracked sites is the number one way of infecting your system; almost 100% of those downloads contain malware or a virus.