Hosts Hijack



aritus
2012-04-18, 03:58
Hello, bit of an annoyance here. I've been battling this problem for a while now and searched everything I can think of to fix it. My hosts file has been hijacked. I usually help others with this sort of problem so my first thoughts were that it wasn't a big deal and I'd just fix it myself. Several weeks later I come to this forum because I can't even edit my hosts file in safe mode without getting access denied.

DDS log as per "Read Before Posting"

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Roger at 21:47:45 on 2012-04-17
Microsoft Windows 7 Home Premium 6.1.7600.0.932.81.1033.18.2812.1656 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Users\Roger\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Roger\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Palringo\palringo.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360110d505l0304z1l5t49j2x232
uInternet Settings,ProxyServer = http=127.0.0.1:50081
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [JumiController]
uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
uRun: [Akamai NetSession Interface] "C:\Users\Roger\AppData\Local\Akamai\netsession_win.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 0 (0x0)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{194F9A23-5F53-4940-B86D-36EE0947E00B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{194F9A23-5F53-4940-B86D-36EE0947E00B}\1553833535 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{194F9A23-5F53-4940-B86D-36EE0947E00B}\2456C6B696E6F574F575962756C6563737F5244473248353 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{194F9A23-5F53-4940-B86D-36EE0947E00B}\3747169737D6162747 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{194F9A23-5F53-4940-B86D-36EE0947E00B}\43F5F6C6D657E6B637 : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
Hosts: 67.215.245.19 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\huk8dv93.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-11-5 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-14 652360]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-2-23 1181104]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-5 240160]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-2-23 166528]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 jumi;%Jumi%;C:\Windows\system32\DRIVERS\jumi.sys --> C:\Windows\system32\DRIVERS\jumi.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\system32\DRIVERS\Neo_0001.sys --> C:\Windows\system32\DRIVERS\Neo_0001.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-2-23 1185704]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-21 1153368]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 vpnclient;PacketiX VPN Client;C:\Program Files (x86)\PacketiX VPN Client English\vpnclient.exe [2008-5-15 2478080]
.
=============== Created Last 30 ================
.
2012-04-18 01:12:23 -------- d-----w- C:\Users\Roger\AppData\Local\{B0EE6845-A02F-45F7-AC29-4F3DBC675A2D}
2012-04-18 01:12:10 -------- d-----w- C:\Users\Roger\AppData\Local\{561545E0-96A6-4149-8336-3762246030AC}
2012-04-16 23:03:41 -------- d-----w- C:\Users\Roger\AppData\Local\{6206CA4F-68A7-454D-806E-CE2781284303}
2012-04-16 23:03:28 -------- d-----w- C:\Users\Roger\AppData\Local\{66716546-0958-455A-A91D-632F4C688AA2}
2012-04-15 22:39:18 -------- d-----w- C:\Users\Roger\AppData\Local\{98AEA568-EAA0-4AC7-A921-79D13BF32E13}
2012-04-15 22:39:05 -------- d-----w- C:\Users\Roger\AppData\Local\{91D62BEE-CCF5-4239-B3AC-0FED25DA986C}
2012-04-14 21:18:33 -------- d-----w- C:\Users\Roger\AppData\Local\{1ED158E6-BC20-4AD5-BFE3-595731E23755}
2012-04-12 16:16:52 -------- d-----w- C:\Users\Roger\AppData\Local\{060FFCE7-3401-4CF3-B2FA-F6D650FE58AD}
2012-04-11 23:40:02 -------- d-----w- C:\Users\Roger\AppData\Local\{D6A9E2E1-9E6E-4F6C-B128-9C0F22274E55}
2012-04-11 01:26:13 -------- d-----w- C:\Users\Roger\AppData\Local\{401989FE-1CB8-480C-804C-BE6E7FAA6ABF}
2012-04-10 00:18:38 -------- d-----w- C:\Users\Roger\AppData\Local\{9AE3D228-D649-492C-B96C-7D41FF4FD467}
2012-04-08 17:50:54 -------- d-----w- C:\Users\Roger\AppData\Local\{FD975B7C-7E4F-4243-8EF3-CA453DA1870A}
2012-04-07 21:51:04 -------- d-----w- C:\Users\Roger\AppData\Local\{F22C861F-B887-4CB5-97FB-56A6A76C3F9A}
2012-04-07 09:50:39 -------- d-----w- C:\Users\Roger\AppData\Local\{C80C3F3C-1E2A-40DF-90F0-1AA2B156FCE8}
2012-04-06 21:50:27 -------- d-----w- C:\Users\Roger\AppData\Local\{688202CF-623B-4812-92BE-7A79F84F6D6B}
2012-04-06 21:41:12 -------- d-----w- C:\Program Files (x86)\Palringo
2012-04-05 19:18:54 -------- d-----w- C:\Users\Roger\AppData\Local\{707319B0-56AC-40EB-8F1A-F3E960F5634F}
2012-04-05 00:32:30 -------- d-----w- C:\Users\Roger\AppData\Local\{32D772A4-ECC1-4C9C-B565-B09644245595}
2012-04-04 01:07:29 -------- d-----w- C:\Users\Roger\AppData\Local\{A43E1B90-9F55-4D5B-B1E2-8EA3B1C95790}
2012-04-03 10:55:48 -------- d-----w- C:\Users\Roger\AppData\Local\{D9FED71C-2DEA-44F2-92B1-E8869AF193B3}
2012-04-02 22:55:22 -------- d-----w- C:\Users\Roger\AppData\Local\{1B913A82-19D1-40CB-9274-5EF3E03D9C3B}
2012-04-02 01:22:46 -------- d-----w- C:\Users\Roger\AppData\Local\{53A4CD5A-93B3-4091-A8A8-041423BD8322}
2012-03-29 01:22:53 -------- d-----w- C:\Users\Roger\AppData\Local\{AFAB569C-D0D0-4894-B989-F75AAF24CD27}
2012-03-26 01:05:45 -------- d-----w- C:\Users\Roger\AppData\Local\{C5DA689F-D492-452C-89CB-8614EE8CE5ED}
2012-03-26 01:05:30 -------- d-----w- C:\Users\Roger\AppData\Local\{810E81B0-E923-4B4A-AB4F-5DE980B97855}
2012-03-25 02:18:41 -------- d-----w- C:\Users\Roger\AppData\Local\{147A021E-77E2-4406-B2B2-B4A45EEB3F36}
2012-03-23 15:31:07 -------- d-----w- C:\Users\Roger\AppData\Local\{ECCBA241-E68D-4073-892D-F67E42398734}
2012-03-23 15:30:53 -------- d-----w- C:\Users\Roger\AppData\Local\{3E247D0A-61A4-4315-820A-43A4CFA46EE4}
2012-03-23 15:00:48 -------- d-----w- C:\Program Files (x86)\Koei
2012-03-23 02:23:34 -------- d-----w- C:\Users\Roger\AppData\Local\{7E0C8815-7687-4325-85C3-C62014A0349C}
2012-03-23 02:23:19 -------- d-----w- C:\Users\Roger\AppData\Local\{555C8E2A-63D6-4DA0-8907-5852E54922B1}
2012-03-22 14:22:33 -------- d-----w- C:\Users\Roger\AppData\Local\{C5771DA1-1B6B-49F6-B544-D70D58DDC86D}
2012-03-22 14:22:17 -------- d-----w- C:\Users\Roger\AppData\Local\{68265630-3595-4073-9456-EC937973D534}
2012-03-22 02:21:43 -------- d-----w- C:\Users\Roger\AppData\Local\{B802B1D6-9F0C-4793-B26F-BE46BC136038}
2012-03-22 02:21:30 -------- d-----w- C:\Users\Roger\AppData\Local\{BA031877-209E-4B1C-A5A3-29EDD05AEAF6}
2012-03-21 14:20:49 -------- d-----w- C:\Users\Roger\AppData\Local\{9FF791C7-ABCF-45B5-8F2C-E2FAE8B6CA28}
2012-03-21 14:20:28 -------- d-----w- C:\Users\Roger\AppData\Local\{402FC02C-4C5F-4A1D-BAE5-B9D5DFED244F}
2012-03-21 02:20:06 -------- d-----w- C:\Users\Roger\AppData\Local\{140F1AE6-2D97-40A1-80F1-E81733902444}
2012-03-21 02:19:52 -------- d-----w- C:\Users\Roger\AppData\Local\{3D7D0E03-CB89-41D6-BA48-2006E13CFD81}
2012-03-20 14:16:42 -------- d-----w- C:\Users\Roger\AppData\Local\{05034373-57FC-4897-98B4-424B529171BA}
2012-03-20 14:15:14 -------- d-----w- C:\Users\Roger\AppData\Local\{C4DF83B3-9B2D-4E6A-9C19-B5EF3866FCEF}
2012-03-20 02:13:52 -------- d-----w- C:\Users\Roger\AppData\Local\{55D903E0-F451-4309-9767-F796A79A2798}
2012-03-20 02:13:40 -------- d-----w- C:\Users\Roger\AppData\Local\{E748DF1F-E14F-4278-B143-304189019574}
2012-03-19 14:10:16 -------- d-----w- C:\Users\Roger\AppData\Local\{78E58416-61DD-44C2-B942-BF710146DF42}
2012-03-19 14:09:10 -------- d-----w- C:\Users\Roger\AppData\Local\{57B0A42C-9117-4E45-B95D-8C8531132823}
2012-03-19 02:08:46 -------- d-----w- C:\Users\Roger\AppData\Local\{1B944DEB-8B85-432D-BC5D-EA47D03D2314}
2012-03-19 02:08:16 -------- d-----w- C:\Users\Roger\AppData\Local\{CEB3455F-5025-4A59-BEEE-EA16255C7E98}
.
==================== Find3M ====================
.
2012-02-29 05:51:21 1293089208 ----a-w- C:\Users\Roger\SilkroadOnline_SROROfficial_v1_014.exe
2012-02-19 13:48:27 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 21:49:35.44 ===============


Here's hoping that you post back soon.

Some extra, possibly needed, information.

I have run S&D multiple times, SUPERantispyware, Malwarebytes, and Hijack This.

oldman960
2012-04-19, 18:11
Hi aritus, welcome to the forum.

To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
Do not attach any logs/reports, etc. unless specifically requested to do so.
If you have problems with or do not understand the instructions, please ask before continuing.
Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.



This usually gets you past some of the Win7 security.

Click Start; in the Search box type notepad
Notepad will appear at the top of the list
right click it and click "Run as Administrator"
OK it to run
in the Notepad that opens click File, click Open
change the box in the lower right to All files (*.*)
change the Encoding box to ANSI
navigate to c:\Windows\System32\drivers\etc\hosts
click open
delete these lines
Did the Hosts open?


This stuff usually comes along with friends.

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

Double click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following


netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
/md5stop


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.



Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

If asked to download Avast's definitions please do so.

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Please post back with
both OTL logs
aswMBR log
mbr.zip (attached)
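A hosts-file check along the lines of what the DDS log above reports, as an added example that is not part of this thread and not code from DDS, OTL or any other tool mentioned here. The script parses hosts-file text and flags the two things visible in the log: public hostnames mapped to routable addresses (the 108.163.215.51 and 67.215.245.19 lines), and names that appear more than once (what DDS reports as "multiple HOSTS entries found"). The sample contents are constructed; the five redirect lines copy the "Hosts:" entries from the DDS log, the comment and loopback lines are illustrative.

```python
"""Flag hosts-file entries that redirect public hostnames to routable addresses.

Added example, not part of the forum thread. Entries that point a name at a
loopback or 0.0.0.0 address are how ad-blocking hosts lists work and are left
alone; a public name pointed at a routable address sends that name's traffic
wherever the file's author chose, which is the hijack pattern in the log.
"""
import ipaddress
from collections import defaultdict

# Constructed sample: the normal Windows comment block and two blocking entries,
# followed by the five redirect lines taken from the thread's DDS log.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
127.0.0.1   localhost
127.0.0.1   ads.example.net        # blocking-list entry: harmless
0.0.0.0     tracker.example.org
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
"""


def parse_hosts(text):
    """Return a list of (ip_address, hostname, line_no) tuples.

    Comments and blank lines are skipped, several names on one line are split
    into separate entries, names are lower-cased and a trailing dot (the FQDN
    form DDS prints) is removed so 'a.example.' and 'a.example' compare equal.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop inline and full-line comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed: an address with no hostname
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first token is not an IP address; ignore the line
        for name in parts[1:]:
            entries.append((ip, name.lower().rstrip("."), line_no))
    return entries


def is_sinkhole_address(ip):
    """127.0.0.0/8, ::1 and 0.0.0.0 are the addresses blocking lists use."""
    return ip.is_loopback or ip.is_unspecified


def find_suspicious(entries):
    """Return findings as dicts of two kinds.

    'redirect':  a hostname mapped to a routable address.
    'duplicate': the same hostname listed more than once for the same IP
                 version (so '127.0.0.1 localhost' next to '::1 localhost'
                 is not reported).
    """
    findings = []
    seen = defaultdict(list)  # (hostname, ip version) -> line numbers
    for ip, name, line_no in entries:
        seen[(name, ip.version)].append(line_no)
        if not is_sinkhole_address(ip):
            findings.append({"type": "redirect", "host": name,
                             "ip": str(ip), "line": line_no})
    for (name, _version), lines in seen.items():
        if len(lines) > 1:
            findings.append({"type": "duplicate", "host": name, "lines": lines})
    return findings


def check_hosts_text(text):
    """Convenience wrapper: parse and flag in one call."""
    return find_suspicious(parse_hosts(text))


if __name__ == "__main__":
    for finding in check_hosts_text(SAMPLE_HOSTS):
        print(finding)
```

On the machine in the thread the text to check would be read from C:\Windows\System32\drivers\etc\hosts (the path given in the post); any "redirect" finding names a line the user should be able to explain, and if they cannot, it is the line to remove once the file can be written again.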

aritus
2012-04-20, 05:48
OTL logfile created on: 4/19/2012 11:12:57 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Roger\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 61.60% Memory free
5.49 Gb Paging File | 4.23 Gb Available in Paging File | 77.07% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 19.24 Gb Free Space | 14.05% Space Free | Partition Type: NTFS

Computer Name: ROGER-PC | User Name: Roger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Roger\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Palringo\palringo.exe (Palringo Limited)
PRC - C:\Users\Roger\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Program Files (x86)\Palringo\libspeex.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (vpnclient) -- C:\Program Files (x86)\PacketiX VPN Client English\vpnclient.exe (SoftEther Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (Neo_VPN) -- C:\Windows\SysNative\drivers\Neo_0001.sys (SoftEther Corporation)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (jumi) -- C:\Windows\SysNative\drivers\jumi.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360110d505l0304z1l5t49j2x232
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360110d505l0304z1l5t49j2x232
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360110d505l0304z1l5t49j2x232
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://findgala.com/?&uid=5757&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50081

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/16 23:05:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/19 01:19:27 | 000,000,000 | ---D | M]

[2012/02/15 16:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roger\AppData\Roaming\Mozilla\Extensions
[2012/02/19 01:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roger\AppData\Roaming\Mozilla\SeaMonkey\Profiles\3nqb6ujo.default\extensions
[2012/02/15 16:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/16 23:05:52 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/08 13:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/08 13:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/14 01:09:40 | 000,001,398 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Roger\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
O4 - HKCU..\Run: [JumiController] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{194F9A23-5F53-4940-B86D-36EE0947E00B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 22:46:26 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Roger\Desktop\OTL.exe
[2012/04/19 22:34:24 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{FCA1B7BB-444E-4336-8F66-D9A1AF180E04}
[2012/04/19 22:34:12 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{9AC3B0A0-9580-42D6-A413-B3514CA22868}
[2012/04/18 22:50:22 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{3C9C9AAA-309E-4C0E-B0C2-337680252A5E}
[2012/04/18 22:50:09 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{8257B05B-E610-4CDC-A8BC-3FCED0E13F35}
[2012/04/17 21:12:23 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{B0EE6845-A02F-45F7-AC29-4F3DBC675A2D}
[2012/04/17 21:12:10 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{561545E0-96A6-4149-8336-3762246030AC}
[2012/04/16 19:03:41 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{6206CA4F-68A7-454D-806E-CE2781284303}
[2012/04/16 19:03:28 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{66716546-0958-455A-A91D-632F4C688AA2}
[2012/04/15 18:39:18 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{98AEA568-EAA0-4AC7-A921-79D13BF32E13}
[2012/04/15 18:39:05 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{91D62BEE-CCF5-4239-B3AC-0FED25DA986C}
[2012/04/14 17:18:33 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{1ED158E6-BC20-4AD5-BFE3-595731E23755}
[2012/04/12 12:16:52 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{060FFCE7-3401-4CF3-B2FA-F6D650FE58AD}
[2012/04/11 19:40:02 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{D6A9E2E1-9E6E-4F6C-B128-9C0F22274E55}
[2012/04/10 21:26:13 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{401989FE-1CB8-480C-804C-BE6E7FAA6ABF}
[2012/04/09 20:18:38 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{9AE3D228-D649-492C-B96C-7D41FF4FD467}
[2012/04/08 13:50:54 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{FD975B7C-7E4F-4243-8EF3-CA453DA1870A}
[2012/04/07 17:51:04 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{F22C861F-B887-4CB5-97FB-56A6A76C3F9A}
[2012/04/07 05:50:39 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{C80C3F3C-1E2A-40DF-90F0-1AA2B156FCE8}
[2012/04/06 17:50:27 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{688202CF-623B-4812-92BE-7A79F84F6D6B}
[2012/04/06 17:41:12 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Palringo
[2012/04/06 17:41:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Palringo
[2012/04/05 15:18:54 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{707319B0-56AC-40EB-8F1A-F3E960F5634F}
[2012/04/04 20:32:30 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{32D772A4-ECC1-4C9C-B565-B09644245595}
[2012/04/03 21:07:29 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{A43E1B90-9F55-4D5B-B1E2-8EA3B1C95790}
[2012/04/03 06:55:48 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{D9FED71C-2DEA-44F2-92B1-E8869AF193B3}
[2012/04/02 18:55:22 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{1B913A82-19D1-40CB-9274-5EF3E03D9C3B}
[2012/04/01 21:22:46 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{53A4CD5A-93B3-4091-A8A8-041423BD8322}
[2012/03/28 21:22:53 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{AFAB569C-D0D0-4894-B989-F75AAF24CD27}
[2012/03/25 21:05:45 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{C5DA689F-D492-452C-89CB-8614EE8CE5ED}
[2012/03/25 21:05:30 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{810E81B0-E923-4B4A-AB4F-5DE980B97855}
[2012/03/25 08:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2012/03/24 22:18:41 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{147A021E-77E2-4406-B2B2-B4A45EEB3F36}
[2012/03/23 12:23:43 | 000,000,000 | ---D | C] -- C:\Users\Roger\Documents\KOEI
[2012/03/23 11:31:07 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{ECCBA241-E68D-4073-892D-F67E42398734}
[2012/03/23 11:30:53 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{3E247D0A-61A4-4315-820A-43A4CFA46EE4}
[2012/03/23 11:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Koei
[2012/03/23 11:00:11 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Koei
[2012/03/23 07:20:05 | 000,000,000 | ---D | C] -- C:\Users\Roger\Desktop\SSMOInstaller
[2012/03/23 07:19:25 | 000,478,312 | ---- | C] (株式会社 コーエーテクモゲームス) -- C:\Users\Roger\Desktop\SSMOStarter.exe
[2012/03/22 22:23:34 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{7E0C8815-7687-4325-85C3-C62014A0349C}
[2012/03/22 22:23:19 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{555C8E2A-63D6-4DA0-8907-5852E54922B1}
[2012/03/22 10:22:33 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{C5771DA1-1B6B-49F6-B544-D70D58DDC86D}
[2012/03/22 10:22:17 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{68265630-3595-4073-9456-EC937973D534}
[2012/03/21 22:21:43 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{B802B1D6-9F0C-4793-B26F-BE46BC136038}
[2012/03/21 22:21:30 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{BA031877-209E-4B1C-A5A3-29EDD05AEAF6}
[2012/03/21 10:20:49 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{9FF791C7-ABCF-45B5-8F2C-E2FAE8B6CA28}
[2012/03/21 10:20:28 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{402FC02C-4C5F-4A1D-BAE5-B9D5DFED244F}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/19 22:53:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/19 22:46:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Roger\Desktop\OTL.exe
[2012/04/19 22:23:45 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/19 22:23:45 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/19 22:21:14 | 000,869,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/19 22:21:14 | 000,716,960 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/19 22:21:14 | 000,144,982 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/19 22:16:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/19 22:16:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/19 22:16:06 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/15 19:42:31 | 000,195,388 | ---- | M] () -- C:\Users\Roger\Desktop\Untitled.png
[2012/04/08 20:40:05 | 000,003,548 | ---- | M] () -- C:\Users\Roger\Documents\Three Faces of Quantrill.rtf
[2012/03/26 08:03:36 | 000,001,301 | ---- | M] () -- C:\Windows\wininit.ini
[2012/03/23 11:00:11 | 000,001,888 | ---- | M] () -- C:\Users\Roger\Desktop\真・三國無双 Online.lnk
[2012/03/23 07:19:29 | 000,478,312 | ---- | M] (株式会社 コーエーテクモゲームス) -- C:\Users\Roger\Desktop\SSMOStarter.exe
[2012/03/21 22:35:45 | 000,365,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/15 19:42:31 | 000,195,388 | ---- | C] () -- C:\Users\Roger\Desktop\Untitled.png
[2012/04/08 20:20:58 | 000,003,548 | ---- | C] () -- C:\Users\Roger\Documents\Three Faces of Quantrill.rtf
[2012/03/23 11:00:11 | 000,001,888 | ---- | C] () -- C:\Users\Roger\Desktop\真・三國無双 Online.lnk
[2012/02/20 22:53:08 | 000,000,017 | ---- | C] () -- C:\Users\Roger\AppData\Local\resmon.resmoncfg
[2012/02/13 23:47:02 | 000,000,000 | ---- | C] () -- C:\Users\Roger\AppData\Local\{6E8214EB-F050-4AAD-9EA9-586718DD0119}
[2011/07/21 16:12:37 | 000,001,301 | ---- | C] () -- C:\Windows\wininit.ini
[2011/07/21 00:39:55 | 000,772,430 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/21 15:06:26 | 000,155,648 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/08/08 11:21:51 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe

========== LOP Check ==========

[2011/08/15 20:24:03 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\2XClient
[2012/02/15 00:35:19 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\30FB9
[2010/01/31 10:47:27 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\Acer
[2010/08/08 11:37:28 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\Cakewalk
[2011/09/26 22:09:51 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\fltk.org
[2011/07/21 15:13:28 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\GetRightToGo
[2010/01/31 10:47:27 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\Leadertech
[2011/10/02 20:19:47 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\MotioninJoy
[2010/10/16 13:15:21 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\OpenOffice.org
[2011/08/21 22:45:52 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\SPORE
[2011/09/12 22:25:53 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\TS3Client
[2011/11/17 23:12:18 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/11/05 15:47:05 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/04/19 22:16:06 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/08/15 20:45:08 | 000,027,350 | ---- | M] () -- C:\Jumi.Log
[2011/08/20 00:15:04 | 000,002,918 | -H-- | M] () -- C:\Jumi.Log.Run
[2012/02/15 15:25:09 | 000,268,785 | ---- | M] () -- C:\MGlogs.zip
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/04/19 22:16:05 | 2948,648,960 | -HS- | M] () -- C:\pagefile.sys
[2011/07/01 09:41:17 | 000,013,516 | ---- | M] () -- C:\Readme and Credits.txt
[2009/11/05 15:57:50 | 000,002,051 | ---- | M] () -- C:\RHDSetup.log
[2012/02/15 08:10:15 | 000,080,640 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_15.02.2012_07.09.02_log.txt
[2012/02/15 08:13:49 | 000,077,842 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_15.02.2012_07.13.04_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI
[2010/03/19 19:55:52 | 002,073,703 | ---- | M] () -- C:\VS_EXPBSLN_x64_enu.CAB
[2010/03/19 19:58:20 | 000,551,424 | ---- | M] () -- C:\VS_EXPBSLN_x64_enu.MSI

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/13 16:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2010/05/12 19:55:18 | 000,000,984 | ---- | M] () -- C:\Program Files (x86)\INSTALL.LOG

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/04/19 22:46:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Roger\Desktop\OTL.exe
[2012/03/23 07:19:29 | 000,478,312 | ---- | M] (株式会社 コーエーテクモゲームス) -- C:\Users\Roger\Desktop\SSMOStarter.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s >

< MD5 for: EXPLORER.ADML >
[2009/07/13 22:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009/06/10 16:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2012/02/07 18:19:30 | 003,149,736 | ---- | M] (Safer-Networking Ltd.) MD5=511D1BEF41D4A018501139F409DE5ED6 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2009/07/13 22:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 22:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/13 22:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 22:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: EXPLORER.EXE-D5E97654.PF >
[2012/04/09 23:01:49 | 000,028,124 | ---- | M] () MD5=BFE8CC665FB5DD32215D28F9EA454422 -- C:\Windows\Prefetch\EXPLORER.EXE-D5E97654.pf

< MD5 for: IEXPLORE.EXE >
[2011/04/22 16:15:52 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=281C23EC5BCB1853A5D571F1A6E52FB1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_101e7c5957724e1d\iexplore.exe
[2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2011/04/22 15:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=64EFAF916C4009F1B84153D0BB491FB0 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2011/04/22 15:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=64EFAF916C4009F1B84153D0BB491FB0 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_1a0bc6f6729d1c7b\iexplore.exe
[2011/04/22 16:16:25 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D6F57A9ECB4606076FB9519D1698FCBA -- C:\Program Files\Internet Explorer\iexplore.exe
[2011/04/22 16:16:25 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D6F57A9ECB4606076FB9519D1698FCBA -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_0fb71ca43e3c5a80\iexplore.exe
[2009/07/13 21:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2011/04/22 15:11:29 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=F94877A94996B3C12BB31AD722840457 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_1a7326ab8bd31018\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2009/07/13 22:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/07/13 22:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/13 22:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2009/07/13 22:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-A033F7A0.PF >
[2012/04/14 23:54:10 | 000,136,650 | ---- | M] () MD5=C2CAFB224F70D3174C36387A7DCA7E6E -- C:\Windows\Prefetch\IEXPLORE.EXE-A033F7A0.pf

< MD5 for: WINLOGON.ADML >
[2009/07/13 22:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2009/06/10 17:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2009/07/13 22:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2009/07/13 22:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >
[2009/07/13 22:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 22:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2009/07/13 16:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 16:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

aritus
2012-04-20, 05:50
OTL Extras logfile created on: 4/19/2012 11:12:57 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Roger\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 61.60% Memory free
5.49 Gb Paging File | 4.23 Gb Available in Paging File | 77.07% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 19.24 Gb Free Space | 14.05% Space Free | Partition Type: NTFS

Computer Name: ROGER-PC | User Name: Roger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ACCA82EB-7088-919E-5E1C-100A24F11CCF}" = ATI Catalyst Install Manager
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{E2FCA441-6D7B-CD78-3ADF-42EA9FA06065}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"????" = ????
"{01670638-5575-4B29-9072-052889773822}" = 真・三國無双 Online
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{183F0908-AD5E-8B3B-5F06-28B1A8C65C62}" = CCC Help Japanese
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1E0996AC-FE12-46E5-ADB5-4C2E68471B5A}_is1" = Scarlet Legacy
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23E9588B-05ED-BC2F-EB69-101A96511EF1}" = ccc-core-static
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2484D1EA-CBA4-60BB-82B9-F8477D25C47A}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{29802D65-9514-DB20-36CD-E47A94C8AEB9}" = Catalyst Control Center Graphics Full Existing
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F61E9D7-CD05-643E-A04E-CC1A8B6610BA}" = CCC Help Finnish
"{2FA3CDD8-1436-497D-6339-789936561E99}" = CCC Help German
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34123E80-BE96-6282-1167-6696730AF6D2}" = CCC Help Korean
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3CFB26F6-151E-4148-96EE-853A6B7A1EC9}" = Dark Basic Professional CD 1.058 Upgrade
"{3D20EF26-2E9A-D388-851D-E7675BBACFF5}" = Catalyst Control Center Core Implementation
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4024F49B-65D4-D6B2-2A1D-6DBF6F09F181}" = CCC Help Greek
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{49A63237-FD38-AE77-6DF6-FFB41499A4E6}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F0FC827-B693-F166-612E-EA89D798540C}" = CCC Help Chinese Traditional
"{52FBF90E-D2EF-A2A3-1CCA-6984596B1B02}" = CCC Help English
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{628CBFE4-3823-67FB-26D2-566899C3BB5C}" = CCC Help Italian
"{63F26DAE-CB0D-98B6-3019-D4FC3D0DD203}" = Catalyst Control Center InstallProxy
"{652EB559-6865-DEF4-2409-D506963C15FD}" = CCC Help Polish
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{68987945-A387-4C25-0C59-21F2AF657E65}" = CCC Help Thai
"{6B45E33B-6BB4-234B-2F5F-65B1A103801D}" = CCC Help Russian
"{6B99737C-9FDC-50F9-C9A4-AB7DA5C9A336}" = Catalyst Control Center Graphics Full New
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BE74C0E-F300-D0A6-780B-C93BB78DE58C}" = CCC Help Norwegian
"{7E75ACC5-B0EC-7006-183A-374974019911}" = Catalyst Control Center Graphics Light
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96F984FA-F7CF-4C3C-B850-F8D8CCA7D028}" = Dark Basic Professional 1.066 Upgrade
"{97124B44-C17B-C352-44B1-403D0D706173}" = CCC Help Czech
"{9769365A-CCB5-4E36-8803-042DA23C30CA}" = Dark Basic Professional Online
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACA8261-11D1-F8A1-C154-7F8B23515C79}" = CCC Help Swedish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9574A7E-C024-EED1-7A81-CC4786A1915A}" = CCC Help Portuguese
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA32D2A6-1299-0F05-BF8D-04075A9F69EB}" = CCC Help Turkish
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BCC05B1F-7397-799A-9EDB-AC10123BB17A}" = CCC Help Chinese Standard
"{BEF4FD8A-29FF-C250-468A-5FC55F0E3451}" = Catalyst Control Center Localization All
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF7A62B6-F712-412E-9914-D80033A7F8B8}" = Catalyst Control Center - Branding
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D41301F8-90FD-9CE8-CD2C-ED2B9D5F07E3}" = CCC Help Spanish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D43AD08C-BE76-8C5B-FD90-4B665EF60E2E}" = CCC Help Danish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA4CA661-5ABF-9218-6E42-84BF89F43655}" = CCC Help French
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1" = Rappelz_US
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26E2781-2E22-4485-A33A-6F3E322A3F2D}" = PacketiX VPN Client (English)
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F34EE6D2-9356-4294-B3B3-AE04428C8C43}_is1" = Remote Mouse version 1.09
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3D World Studio_is1" = 3D World Studio 5.52
"7-Zip" = 7-Zip 4.42
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Akamai" = Akamai NetSession Interface Service
"ASIO4ALL" = ASIO4ALL
"Cakewalk VST Adapter 4" = Cakewalk VST Adapter 4
"Cakewalk VST Adapter 4.4.4.0" = Cakewalk VST Adapter 4.4.4.0
"Caligari trueSpace7.6_is1" = Uninstall trueSpace7.6
"Cartography Shop_is1" = Cartography Shop Free
"CharacterFX" = CharacterFX (remove only)
"CleanUp!" = CleanUp!
"Deep Paint" = Deep Paint
"DreamStation DXi2" = DreamStation DXi2
"Dynasty Warriors Online" = Dynasty Warriors Online
"EarthSculptor_is1" = EarthSculptor 1.05
"fragMOTION 0.9.5_is1" = fragMOTION 0.9.5
"fragMOTION SDK_is1" = fragMOTION SDK 0.8.5
"Fraps" = Fraps (remove only)
"gile[s]_is1" = gile[s] V1.36
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 1.99.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"Kingdom Heroes" = Kingdom Heroes
"LManager" = Launch Manager
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Mabinogi Frontend" = Mabinogi Frontend
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MeshLab" = MeshLab 1.1.1
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Palringo" = Palringo
"SilkroadR" = SilkroadR
"SONAR Home Studio 4" = SONAR Home Studio 4
"ST6UNST #1" = Media Copy v1.1
"Star Trek Online" = Star Trek Online
"tree[d]_is1" = tree[d] V3.0
"Ultimate Unwrap3D Pro 3.15_is1" = Ultimate Unwrap3D Pro 3.15
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/24/2012 10:50:08 AM | Computer Name = Roger-PC | Source = Application Hang | ID = 1002
Description = The program DWOnline.bin version 2.200.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c48 Start
Time: 01ccf300eae93a98 Termination Time: 111 Application Path: C:\AeriaGames\DynastyWarriorsOnline\DWOnline.bin

Report
Id:

Error - 2/24/2012 10:55:40 AM | Computer Name = Roger-PC | Source = Application Hang | ID = 1002
Description = The program DWOnline.bin version 2.200.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 118c Start
Time: 01ccf303a33a0982 Termination Time: 129 Application Path: C:\AeriaGames\DynastyWarriorsOnline\DWOnline.bin

Report
Id:

Error - 2/24/2012 11:16:32 AM | Computer Name = Roger-PC | Source = Application Hang | ID = 1002
Description = The program DWOnline.bin version 2.200.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c7c Start
Time: 01ccf3060ae919cd Termination Time: 258 Application Path: C:\AeriaGames\DynastyWarriorsOnline\DWOnline.bin

Report
Id:

Error - 2/24/2012 11:50:43 AM | Computer Name = Roger-PC | Source = Application Hang | ID = 1002
Description = The program DWOnline.bin version 2.200.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 290 Start
Time: 01ccf30759dca689 Termination Time: 254 Application Path: C:\AeriaGames\DynastyWarriorsOnline\DWOnline.bin

Report
Id:

Error - 2/24/2012 2:40:08 PM | Computer Name = Roger-PC | Source = Application Error | ID = 1000
Description = Faulting application name: YahooMessenger.exe, version: 10.0.0.1270,
time stamp: 0x4c053ffe Faulting module name: ymsdk.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4c0540c3 Exception code: 0xc0000005 Fault offset: 0x60f98630 Faulting
process id: 0x480 Faulting application start time: 0x01ccf2aa3a272804 Faulting application
path: C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe Faulting module
path: ymsdk.dll Report Id: f93f1b8f-5f16-11e1-9ae2-00235a728c15

Error - 2/24/2012 3:16:53 PM | Computer Name = Roger-PC | Source = Application Hang | ID = 1002
Description = The program DWOnline.bin version 2.200.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 6bc Start
Time: 01ccf30c18a032f3 Termination Time: 152 Application Path: C:\AeriaGames\DynastyWarriorsOnline\DWOnline.bin

Report
Id:

Error - 2/25/2012 1:04:03 PM | Computer Name = Roger-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 2/26/2012 1:40:58 AM | Computer Name = Roger-PC | Source = Application Hang | ID = 1002
Description = The program gimp-2.6.exe version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1264 Start
Time: 01ccf448e3bcbb42 Termination Time: 132 Application Path: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe

Report
Id: 71dd7410-603c-11e1-b05b-00235a728c15

Error - 2/28/2012 1:56:12 AM | Computer Name = Roger-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/2/2012 9:32:45 AM | Computer Name = Roger-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 3/19/2010 8:25:28 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
Description = 8:25:28 PM - Error connecting to the internet. 8:25:28 PM - Unable
to contact server..

Error - 3/19/2010 8:25:42 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
Description = 8:25:33 PM - Error connecting to the internet. 8:25:33 PM - Unable
to contact server..

Error - 3/21/2010 5:18:25 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
Description = 5:18:25 PM - Error connecting to the internet. 5:18:25 PM - Unable
to contact server..

Error - 3/21/2010 5:18:37 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
Description = 5:18:30 PM - Error connecting to the internet. 5:18:30 PM - Unable
to contact server..

Error - 3/22/2010 8:03:25 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
Description = 8:03:25 PM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

Error - 3/22/2010 8:04:29 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
Description = 8:04:08 PM - Failed to retrieve NetTV (Error: Unable to connect to
the remote server)

Error - 3/22/2010 8:05:11 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
Description = 8:04:50 PM - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 3/22/2010 8:05:53 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
Description = 8:05:32 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
to the remote server)

Error - 3/22/2010 8:06:35 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
Description = 8:06:14 PM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 3/22/2010 8:07:03 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
Description = 8:06:56 PM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

[ System Events ]
Error - 4/17/2012 9:05:10 PM | Computer Name = Roger-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 4/18/2012 10:13:23 PM | Computer Name = Roger-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 4/18/2012 10:13:23 PM | Computer Name = Roger-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 4/18/2012 10:13:43 PM | Computer Name = Roger-PC | Source = Service Control Manager | ID = 7003
Description = The Spybot-S&D 2 Security Center Service service depends the following
service: wscsvc. This service might not be installed.

Error - 4/18/2012 10:13:49 PM | Computer Name = Roger-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 4/18/2012 10:14:00 PM | Computer Name = Roger-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 4/19/2012 10:16:11 PM | Computer Name = Roger-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 4/19/2012 10:16:11 PM | Computer Name = Roger-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 4/19/2012 10:16:31 PM | Computer Name = Roger-PC | Source = Service Control Manager | ID = 7003
Description = The Spybot-S&D 2 Security Center Service service depends the following
service: wscsvc. This service might not be installed.

Error - 4/19/2012 10:16:39 PM | Computer Name = Roger-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon


< End of report >

The hosts file would open but wouldn't save even when running notepad as administrator from CMD.

aritus
2012-04-20, 06:00
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-19 23:29:38
-----------------------------
23:29:38.546 OS Version: Windows x64 6.1.7600
23:29:38.546 Number of processors: 1 586 0x7C02
23:29:38.546 ComputerName: ROGER-PC UserName: Roger
23:29:39.919 Initialize success
23:30:51.839 AVAST engine defs: 12041901
23:31:28.327 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:31:28.327 Disk 0 Vendor: TOSHIBA_MK1655GSX FG011J Size: 152627MB BusType: 11
23:31:28.358 Disk 0 MBR read successfully
23:31:28.358 Disk 0 MBR scan
23:31:28.374 Disk 0 Windows 7 default MBR code
23:31:28.374 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
23:31:28.390 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
23:31:28.405 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 140232 MB offset 25382700
23:31:28.436 Disk 0 scanning C:\Windows\system32\drivers
23:31:42.976 Service scanning
23:32:42.256 Modules scanning
23:32:42.864 Disk 0 trace - called modules:
23:32:42.895 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:32:42.895 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002ffa4a0]
23:32:42.911 3 CLASSPNP.SYS[fffff880010ae43f] -> nt!IofCallDriver -> [0xfffffa8003044040]
23:32:42.926 5 ACPI.sys[fffff88000ee6781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002fe4060]
23:32:44.143 AVAST engine scan C:\Windows
23:32:47.450 AVAST engine scan C:\Windows\system32
23:38:05.457 AVAST engine scan C:\Windows\system32\drivers
23:38:20.729 AVAST engine scan C:\Users\Roger
23:43:14.228 AVAST engine scan C:\ProgramData
23:44:45.036 Scan finished successfully
23:45:00.090 Disk 0 MBR has been saved successfully to "C:\Users\Roger\Desktop\MBR.dat"
23:45:00.106 The log file has been saved successfully to "C:\Users\Roger\Desktop\aswMBR.txt"

oldman960
2012-04-20, 23:37
Hi aritus,

I take it you couldn't open the Hosts file? Did you have hidden files and folders unhidden? Any error messages?

aritus
2012-04-21, 05:47
The hosts file would open but wouldn't save even when running notepad as administrator from CMD.

I get "access denied." I've tried disabling Users, enabling Users, setting to full control, unchecking read only on every file and folder and subfolder of c:/windows but I still end up with "access denied" if I try to save the file. I can open it, just can't save it.

Also, I apologize for how late it is when I respond, and thank you for taking the time to help :)

oldman960
2012-04-21, 07:04
Hi aritus.

Sorry I missed your comment. Let's take care of a couple of things.

Your Java is out of date. Click your Start button > Control Panel
Use the drop-down menu beside "View by" and change it to Small icons
Locate Java (32-bit) in the list and click on it
When the Java console opens, click the Update tab
Click Update Now
Decline the Ask Toolbar if offered during the update


Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do not copy the word CODE
Please note the fix starts with the :


:Services

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50081

:Reg
[HKEY_CLASSES_ROOT\*\shell\runas]
@="Take Ownership"
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\*\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

[HKEY_CLASSES_ROOT\Directory\shell\runas]
@="Take Ownership"
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\Directory\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"

:Files
ipconfig /flushdns /c

:Commands
[createrestorepoint]
[emptytemp]


Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Reboot your computer
Please post the OTL fix log.

Next

Navigate to the Hosts file and right click it. You will now have a new right click menu item, Take Ownership. Click it. You should now be able to edit the Hosts file.

Let me know how you make out. If you can successfully edit the Hosts file, please open OTL and click the Quick Scan button. There will only be an OTL.txt produced this time; please post it as well.
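
Once the hosts file can be opened again, the thing to check is what it actually maps. The O1 lines in an OTL log show only the active entries; the following Python script does the same audit offline. It is an added example, not code from this thread, from OTL or from DDS: it parses hosts-file text the way the resolver does (comments stripped, spaces or tabs, several names per address), treats the two stock `localhost` lines as expected, and reports every other active mapping as either blackholed (pinned to loopback or 0.0.0.0) or redirected (pinned to some other address). The sample hosts text, the `.example.net`/`.example.org` names and the 203.0.113.5 address are constructed for the demonstration; `hosts_path()` assumes the standard `%SystemRoot%\System32\drivers\etc\hosts` location.

```python
"""Audit a Windows hosts file for hijack indicators (added example, not from the thread)."""
import ipaddress
import os
from collections import namedtuple

Finding = namedtuple("Finding", "line_no hostname ip reason")

# The only active mappings a stock Windows hosts file carries. On Windows 7 even these
# are usually commented out, because loopback resolution is handled by the resolver.
EXPECTED_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def hosts_path():
    """Standard location of the live hosts file (assumed; OTL shows it via SysNative)."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    return os.path.join(root, "System32", "drivers", "etc", "hosts")


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every active mapping; comments are ignored."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        active = raw.split("#", 1)[0].strip()   # drop whole-line and inline comments
        if not active:
            continue
        fields = active.split()                  # the resolver accepts spaces or tabs
        if len(fields) < 2:
            continue
        for hostname in fields[1:]:              # one address may carry several names
            yield fields[0], hostname.lower(), line_no


def audit_hosts(text):
    """Return a Finding for every active mapping that is not an expected default."""
    findings = []
    for ip, hostname, line_no in parse_hosts(text):
        if (ip, hostname) in EXPECTED_ENTRIES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(Finding(line_no, hostname, ip, "malformed address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            reason = "blackholed (name pinned to loopback/unspecified address)"
        else:
            reason = "redirected (name pinned to a non-loopback address)"
        findings.append(Finding(line_no, hostname, ip, reason))
    return findings


# Constructed sample, not the thread's hosts file. The first seven lines mimic the stock
# Windows 7 file; the last two are the kind of entries a hijack leaves behind.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
127.0.0.1 localhost
::1 localhost
0.0.0.0      updates.example.net     # constructed: vendor update site blackholed
203.0.113.5  login.example.org       # constructed: login site redirected elsewhere
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.hostname} -> {f.ip}: {f.reason}")
```

To audit the real file, read `hosts_path()` (it needs no elevation to read, only to write) and pass the contents to `audit_hosts`; an empty result means the file carries nothing beyond the stock localhost lines, which is what the later OTL log in this thread shows after the cleanup.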

aritus
2012-04-21, 08:33
In control panel there is only 1 Java listed which when clicked opens Java Control Panel. 4 tabs: General, Java, Security, and Advanced

I searched every tab and there is no update on it.

So after I spent some time searching through that for a way to update I clicked the office button and in search typed Java (32) which brought up Java (32). When I clicked that a black box, which looked like CMD, came up for a split second and vanished. After which nothing happened. Ran as administrator and tried again, same result.

So I moved on.

After running the fix I navigated to Hosts and when I right clicked there was no Take Control command. Nothing had changed. I tried to edit the hosts file with notepad and received the Access Denied error.

I did not run a quick scan as I couldn't access hosts. The resulting log of the run fix is as follows.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== REGISTRY ==========
HKEY_CLASSES_ROOT\*\shell\runas\\@|"Take Ownership" /E : value set successfully!
HKEY_CLASSES_ROOT\*\shell\runas\\"NoWorkingDirectory"|"" /E : value set successfully!
HKEY_CLASSES_ROOT\*\shell\runas\command\\@|"cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F" /E : value set successfully!
HKEY_CLASSES_ROOT\*\shell\runas\command\\"IsolatedCommand"|"cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F" /E : value set successfully!
HKEY_CLASSES_ROOT\Directory\shell\runas\\@|"Take Ownership" /E : value set successfully!
HKEY_CLASSES_ROOT\Directory\shell\runas\\"NoWorkingDirectory"|"" /E : value set successfully!
HKEY_CLASSES_ROOT\Directory\shell\runas\command\\@|"cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t" /E : value set successfully!
HKEY_CLASSES_ROOT\Directory\shell\runas\command\\"IsolatedCommand"|"cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t" /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Roger\Desktop\cmd.bat deleted successfully.
C:\Users\Roger\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Roger
->Temp folder emptied: 262458537 bytes
->Temporary Internet Files folder emptied: 56172275 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 153631066 bytes
->Apple Safari cache emptied: 2625536 bytes
->Flash cache emptied: 1406 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12523335 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
RecycleBin emptied: 63085 bytes

Total Files Cleaned = 465.00 mb


OTL by OldTimer - Version 3.2.40.0 log created on 04212012_020617

Files\Folders moved on Reboot...
C:\Users\Roger\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

oldman960
2012-04-21, 09:40
Hi aritus,

Well we do seem to be hitting a few bumps in the road but we can get by them. I'm not sure why there isn't a Java (32bit) listed in your control panel as you do have a 32 bit version installed. We can update it manually later. The java applet with only the 4 tabs would be the 64bit applet, there isn't an update tab for this version by design.

Let's see if we can get the right click menu item installed. We'll do that the old-fashioned way also.

Download the attached file, ownership.zip and save it to your desktop. Extract the contents to your desktop.

You should now have a file named ownership.reg on your desktop with an icon like this http://img127.imageshack.us/img127/433/regtg8.jpg
Right click it and click Merge
Accept any warning you might receive
Reboot the computer
Let me know if you receive any error message.

Try taking ownership of the Hosts file now.

aritus
2012-04-22, 05:33
THANK YOU!

A clean hosts file at last :)

As for the Java thing: last year I got into programming for a little while and had downloaded JRE and some other stuff for Java, HTML, C++, and C# programming. Could JRE be the problem there?

I'm no longer interested in java programming so I could uninstall the related programs if needed.

aritus
2012-04-22, 09:16
OTL logfile created on: 4/22/2012 3:11:17 AM - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Roger\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 59.14% Memory free
5.49 Gb Paging File | 4.02 Gb Available in Paging File | 73.23% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 19.09 Gb Free Space | 13.94% Space Free | Partition Type: NTFS

Computer Name: ROGER-PC | User Name: Roger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Roger\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Palringo\palringo.exe (Palringo Limited)
PRC - C:\Users\Roger\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Program Files (x86)\Palringo\libspeex.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (vpnclient) -- C:\Program Files (x86)\PacketiX VPN Client English\vpnclient.exe (SoftEther Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (Neo_VPN) -- C:\Windows\SysNative\drivers\Neo_0001.sys (SoftEther Corporation)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (jumi) -- C:\Windows\SysNative\drivers\jumi.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360110d505l0304z1l5t49j2x232
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360110d505l0304z1l5t49j2x232
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360110d505l0304z1l5t49j2x232
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://findgala.com/?&uid=5757&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/16 23:05:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/19 01:19:27 | 000,000,000 | ---D | M]

[2012/02/15 16:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roger\AppData\Roaming\Mozilla\Extensions
[2012/02/19 01:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roger\AppData\Roaming\Mozilla\SeaMonkey\Profiles\3nqb6ujo.default\extensions
[2012/02/15 16:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/16 23:05:52 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/08 13:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/08 13:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/21 23:29:59 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Roger\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
O4 - HKCU..\Run: [JumiController] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{194F9A23-5F53-4940-B86D-36EE0947E00B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/21 23:26:38 | 000,000,000 | ---D | C] -- C:\Users\Roger\Desktop\Users
[2012/04/21 02:06:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/19 23:28:59 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Roger\Desktop\aswMBR.exe
[2012/04/19 22:46:26 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Roger\Desktop\OTL.exe
[2012/04/19 22:34:24 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{FCA1B7BB-444E-4336-8F66-D9A1AF180E04}
[2012/04/19 22:34:12 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{9AC3B0A0-9580-42D6-A413-B3514CA22868}
[2012/04/18 22:50:22 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{3C9C9AAA-309E-4C0E-B0C2-337680252A5E}
[2012/04/18 22:50:09 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{8257B05B-E610-4CDC-A8BC-3FCED0E13F35}
[2012/04/17 21:12:23 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{B0EE6845-A02F-45F7-AC29-4F3DBC675A2D}
[2012/04/17 21:12:10 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{561545E0-96A6-4149-8336-3762246030AC}
[2012/04/16 19:03:41 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{6206CA4F-68A7-454D-806E-CE2781284303}
[2012/04/16 19:03:28 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{66716546-0958-455A-A91D-632F4C688AA2}
[2012/04/15 18:39:18 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{98AEA568-EAA0-4AC7-A921-79D13BF32E13}
[2012/04/15 18:39:05 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{91D62BEE-CCF5-4239-B3AC-0FED25DA986C}
[2012/04/14 17:18:33 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{1ED158E6-BC20-4AD5-BFE3-595731E23755}
[2012/04/12 12:16:52 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{060FFCE7-3401-4CF3-B2FA-F6D650FE58AD}
[2012/04/11 19:40:02 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{D6A9E2E1-9E6E-4F6C-B128-9C0F22274E55}
[2012/04/10 21:26:13 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{401989FE-1CB8-480C-804C-BE6E7FAA6ABF}
[2012/04/09 20:18:38 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{9AE3D228-D649-492C-B96C-7D41FF4FD467}
[2012/04/08 13:50:54 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{FD975B7C-7E4F-4243-8EF3-CA453DA1870A}
[2012/04/07 17:51:04 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{F22C861F-B887-4CB5-97FB-56A6A76C3F9A}
[2012/04/07 05:50:39 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{C80C3F3C-1E2A-40DF-90F0-1AA2B156FCE8}
[2012/04/06 17:50:27 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{688202CF-623B-4812-92BE-7A79F84F6D6B}
[2012/04/06 17:41:12 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Palringo
[2012/04/06 17:41:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Palringo
[2012/04/05 15:18:54 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{707319B0-56AC-40EB-8F1A-F3E960F5634F}
[2012/04/04 20:32:30 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{32D772A4-ECC1-4C9C-B565-B09644245595}
[2012/04/03 21:07:29 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{A43E1B90-9F55-4D5B-B1E2-8EA3B1C95790}
[2012/04/03 06:55:48 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{D9FED71C-2DEA-44F2-92B1-E8869AF193B3}
[2012/04/02 18:55:22 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{1B913A82-19D1-40CB-9274-5EF3E03D9C3B}
[2012/04/01 21:22:46 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{53A4CD5A-93B3-4091-A8A8-041423BD8322}
[2012/03/28 21:22:53 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{AFAB569C-D0D0-4894-B989-F75AAF24CD27}
[2012/03/25 21:05:45 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{C5DA689F-D492-452C-89CB-8614EE8CE5ED}
[2012/03/25 21:05:30 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{810E81B0-E923-4B4A-AB4F-5DE980B97855}
[2012/03/25 08:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2012/03/24 22:18:41 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{147A021E-77E2-4406-B2B2-B4A45EEB3F36}
[2012/03/23 12:23:43 | 000,000,000 | ---D | C] -- C:\Users\Roger\Documents\KOEI
[2012/03/23 11:31:07 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{ECCBA241-E68D-4073-892D-F67E42398734}
[2012/03/23 11:30:53 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{3E247D0A-61A4-4315-820A-43A4CFA46EE4}
[2012/03/23 11:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Koei
[2012/03/23 11:00:11 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Koei
[2012/03/23 07:20:05 | 000,000,000 | ---D | C] -- C:\Users\Roger\Desktop\SSMOInstaller
[2012/03/23 07:19:25 | 000,478,312 | ---- | C] (株式会社 コーエーテクモゲームス) -- C:\Users\Roger\Desktop\SSMOStarter.exe

========== Files - Modified Within 30 Days ==========

[2012/04/22 02:53:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/22 02:53:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/21 23:30:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/21 23:30:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/21 23:29:59 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/21 23:27:31 | 000,869,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/21 23:27:31 | 000,716,960 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/21 23:27:31 | 000,144,982 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/21 23:26:03 | 000,000,524 | ---- | M] () -- C:\Users\Roger\Desktop\ownership.zip
[2012/04/21 23:22:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/21 23:22:34 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/21 02:20:33 | 000,219,324 | ---- | M] () -- C:\Users\Roger\Desktop\java4.png
[2012/04/21 02:19:48 | 000,196,621 | ---- | M] () -- C:\Users\Roger\Desktop\java3.png
[2012/04/21 02:19:09 | 000,201,107 | ---- | M] () -- C:\Users\Roger\Desktop\java2.png
[2012/04/21 02:18:13 | 000,205,319 | ---- | M] () -- C:\Users\Roger\Desktop\java1.png
[2012/04/21 00:25:54 | 000,000,744 | ---- | M] () -- C:\Users\Roger\Desktop\ownership.reg
[2012/04/19 23:46:10 | 000,000,566 | ---- | M] () -- C:\Users\Roger\Desktop\MBR.zip
[2012/04/19 23:45:00 | 000,000,512 | ---- | M] () -- C:\Users\Roger\Desktop\MBR.dat
[2012/04/19 23:29:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Roger\Desktop\aswMBR.exe
[2012/04/19 22:46:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Roger\Desktop\OTL.exe
[2012/04/15 19:42:31 | 000,195,388 | ---- | M] () -- C:\Users\Roger\Desktop\Untitled.png
[2012/04/08 20:40:05 | 000,003,548 | ---- | M] () -- C:\Users\Roger\Documents\Three Faces of Quantrill.rtf
[2012/03/26 08:03:36 | 000,001,301 | ---- | M] () -- C:\Windows\wininit.ini
[2012/03/23 11:00:11 | 000,001,888 | ---- | M] () -- C:\Users\Roger\Desktop\真・三國無双 Online.lnk
[2012/03/23 07:19:29 | 000,478,312 | ---- | M] (株式会社 コーエーテクモゲームス) -- C:\Users\Roger\Desktop\SSMOStarter.exe

========== Files Created - No Company Name ==========

[2012/04/21 23:26:38 | 000,000,744 | ---- | C] () -- C:\Users\Roger\Desktop\ownership.reg
[2012/04/21 23:26:00 | 000,000,524 | ---- | C] () -- C:\Users\Roger\Desktop\ownership.zip
[2012/04/21 02:20:33 | 000,219,324 | ---- | C] () -- C:\Users\Roger\Desktop\java4.png
[2012/04/21 02:19:48 | 000,196,621 | ---- | C] () -- C:\Users\Roger\Desktop\java3.png
[2012/04/21 02:19:08 | 000,201,107 | ---- | C] () -- C:\Users\Roger\Desktop\java2.png
[2012/04/21 02:18:13 | 000,205,319 | ---- | C] () -- C:\Users\Roger\Desktop\java1.png
[2012/04/19 23:46:10 | 000,000,566 | ---- | C] () -- C:\Users\Roger\Desktop\MBR.zip
[2012/04/19 23:45:00 | 000,000,512 | ---- | C] () -- C:\Users\Roger\Desktop\MBR.dat
[2012/04/15 19:42:31 | 000,195,388 | ---- | C] () -- C:\Users\Roger\Desktop\Untitled.png
[2012/04/08 20:20:58 | 000,003,548 | ---- | C] () -- C:\Users\Roger\Documents\Three Faces of Quantrill.rtf
[2012/03/23 11:00:11 | 000,001,888 | ---- | C] () -- C:\Users\Roger\Desktop\真・三國無双 Online.lnk
[2012/02/20 22:53:08 | 000,000,017 | ---- | C] () -- C:\Users\Roger\AppData\Local\resmon.resmoncfg
[2012/02/13 23:47:02 | 000,000,000 | ---- | C] () -- C:\Users\Roger\AppData\Local\{6E8214EB-F050-4AAD-9EA9-586718DD0119}
[2011/07/21 16:12:37 | 000,001,301 | ---- | C] () -- C:\Windows\wininit.ini
[2011/07/21 00:39:55 | 000,772,430 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/21 15:06:26 | 000,155,648 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/08/08 11:21:51 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe

========== LOP Check ==========

[2011/08/15 20:24:03 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\2XClient
[2012/02/15 00:35:19 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\30FB9
[2010/01/31 10:47:27 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\Acer
[2010/08/08 11:37:28 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\Cakewalk
[2011/09/26 22:09:51 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\fltk.org
[2011/07/21 15:13:28 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\GetRightToGo
[2010/01/31 10:47:27 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\Leadertech
[2011/10/02 20:19:47 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\MotioninJoy
[2010/10/16 13:15:21 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\OpenOffice.org
[2011/08/21 22:45:52 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\SPORE
[2011/09/12 22:25:53 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\TS3Client
[2011/11/17 23:12:18 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
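
The log above shows the repaired hosts file (O1 entries, 761 bytes, under SysNative\drivers\etc) and the earlier problem was "access denied" when editing it. As an added example, not code from the thread or from Safer Networking, the following PowerShell script does a read-only audit of the things that matter in that situation: where TCP/IP actually looks for the hosts file (the DataBasePath registry value), the file's attributes, owner and ACL, and a classification of every mapping in it. It assumes Windows PowerShell 2.0 or later and should be run from an elevated prompt so the ACL is readable.

```powershell
# Added example, not code from the thread or from Safer Networking: a read-only
# audit of the Windows hosts file and of the things that make it hard to fix.
# Assumes Windows PowerShell 2.0 or later; run it elevated so the ACL is readable.

# 1. Find where TCP/IP actually looks for the hosts file. The default is
#    %SystemRoot%\System32\drivers\etc, but the path is a registry value and
#    can be repointed, so read it rather than assuming it.
$tcpipParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$dbPath = (Get-ItemProperty -Path $tcpipParams -Name DataBasePath).DataBasePath
$dbPath = [Environment]::ExpandEnvironmentVariables($dbPath)
$expectedDir = Join-Path $env:SystemRoot 'System32\drivers\etc'
if ($dbPath -ne $expectedDir) {
    Write-Warning "DataBasePath is '$dbPath' (expected '$expectedDir')"
}
$hostsPath = Join-Path $dbPath 'hosts'

# 2. Attributes and ownership. 'Access denied' on a hosts file you are editing as
#    administrator usually means the attributes (hidden/read-only/system) or the
#    ACL and owner were changed; this is what a take-ownership regfix undoes.
$item = Get-Item -LiteralPath $hostsPath -Force
"Path:       $($item.FullName)"
"Size:       $($item.Length) bytes, last modified $($item.LastWriteTime)"
"Attributes: $($item.Attributes)"
$acl = Get-Acl -LiteralPath $hostsPath
"Owner:      $($acl.Owner)"
foreach ($ace in $acl.Access) {
    "ACE:        $($ace.IdentityReference) $($ace.AccessControlType) $($ace.FileSystemRights)"
}

# 3. Classify every mapping:
#    OK       loopback -> localhost, the only entries a clean Windows 7 hosts file has
#    BLOCK    loopback -> some other name; this is how hosts-based blocklists such as
#             Spybot's 'Global (Hosts)' immunization work, so a long list is normal
#    REDIRECT a name sent to a real (non-loopback) address; this is the hijack pattern
$loopback = @('127.0.0.1', '::1', '0.0.0.0')
$counts = @{ OK = 0; BLOCK = 0; REDIRECT = 0 }
foreach ($raw in (Get-Content -LiteralPath $hostsPath)) {
    $line = ($raw -split '#')[0].Trim()          # drop comments and blank lines
    if ($line -eq '') { continue }
    $fields = $line -split '\s+'
    if ($fields.Count -lt 2) { continue }       # address with no host names
    $ip = $fields[0]
    foreach ($name in $fields[1..($fields.Count - 1)]) {
        if ($loopback -contains $ip) {
            if ($name -eq 'localhost') { $kind = 'OK' } else { $kind = 'BLOCK' }
        } else {
            $kind = 'REDIRECT'
        }
        $counts[$kind]++
        if ($kind -ne 'BLOCK') { "{0,-9} {1} -> {2}" -f $kind, $ip, $name }
    }
}
"Summary: $($counts.OK) OK, $($counts.BLOCK) BLOCK, $($counts.REDIRECT) REDIRECT"
```

On the machine in this thread a clean run prints the two OK entries from the log and a summary of 2 OK, 0 BLOCK, 0 REDIRECT. After Spybot's hosts immunization the BLOCK count becomes large, which is expected; the lines worth reading are the REDIRECT ones, and any BLOCK entry for an update or security vendor's domain, which the script leaves to the reader since it only suppresses BLOCK lines from the listing, not from the count.
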

oldman960
2012-04-22, 10:05
Hi aritus,

Good job. If you want to remove the Take Ownership option from the right click menu you can use the regfix in the attached zip, undo.zip. Just download it and extract the regfix, undo.reg and merge it like you did with ownership.reg.

JRE isn't really a problem other than being out of date. The older versions have vulnerabilities that can be exploited.

There are some websites that may require java so if you want to keep java on your computer they should be updated. If you feel you don't need java you can skip the download part and go right to the uninstall.

You can get the newest version of Java 32bit and 64bit from HERE (http://www.oracle.com/technetwork/java/javase/downloads/index.html)

in the Java Platform, Standard Edition section click the download button under JRE
Accept the Accept License Agreement
download Windows x86 (32-bit) Offline and Windows x64 (64-bit)
save them to your desktop, do not install them yet


Click start > Control panel
under Programs click Uninstall a program
Uninstall
Java(TM) 7 (64-bit)
Java(TM) SE Development Kit 7 (64-bit)
Java(TM) 6 Update 26



Next

Install the new java by double clicking the files you downloaded. Remember to decline the Ask ToolBar.

Any problems?

aritus
2012-04-22, 16:58
Thanks. Before I do the undo, is there any reason NOT to leave the "take control" option?

And since you're here... does safer-networking have their own site scanner/blacklist? Normally I just google for a website scanner but evidently something slipped through and I'd like that not to happen again.

oldman960
2012-04-22, 20:07
Hi aritus,

As you can see it was fairly easy to take ownership so I don't think it would be a problem as far as malware goes; malware authors would just write their own script. It might be something a curious user, other than yourself, might play with though.


does safer-networking have their own site scanner/blacklist?
If you mean an on site url scanner, I don't believe so. VirusTotal (https://www.virustotal.com/#url) has one though.

WOT (http://www.mywot.com/) is an addon you can use.

Any issues with the computer?

aritus
2012-04-23, 03:33
No problems thus far :)

thank you soo much for your help :)

if I may ask just one more thing... Is Mozilla Firefox still the best browser to use? I read somewhere that it's becoming outdated but I don't trust Chrome and I especially don't trust IE...

Again, thank you very much and I apologize for taking up so much of your time.

oldman960
2012-04-23, 18:11
Hi aritus,

No problem, it was enjoyable. FireFox is vulnerable to some malware specifically targeted at it which won't infect IE. So there isn't a perfect browser. Both IE8 and 9 have pretty good builtin security.

I don't see an antivirus program installed on this computer. I'll give you some links to some good free ones. You can install one after you remove the tools.

We'll clean up the tools now.

From your desktop, please delete, if present
any notepads/logs that we created
aswMBR.exe
mbr.zip
mbr.dat
DDS.scr
If you want to keep ownership.reg and undo.reg, that's fine.

Next

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.
Next


You should reset your System Restore points, you never know what may be lurking in one of the old ones.

Create new Restore Point

Click your Start button
In the Search box type create restore
click on Create a restore point
Click the System Protection tab
click Create
Give your restore point a name and click Create
Wait while Windows creates a system restore point for you


Remove old Restore Points

Click the Start button
In the search box, type Disk Cleanup
in the list of results, click Disk Cleanup
If prompted, select the drive that you want to clean up, and then click OK.
In the Disk Cleanup for (usually C:) dialog box, click Clean up system files. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
If prompted, select the drive that you want to clean up, and then click OK.
Click the More Options tab
under System Restore and Shadow Copies, click Clean up.
In the Disk Cleanup dialog box, click Delete.
Click Delete Files, and then click OK.


I suggest you keep MBAM. Keep it updated and use it regularly.


Antivirus programs

Download and install one of these programs.

Avast (http://www.avast.com/free-antivirus-download)
Help and support can be found here Avast Forum (http://forum.avast.com/)
Antivir PersonalEditionClassic (http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html)
Help and support can be found here Avira Personal Support Forum (http://www.free-av.com/en/support/index.html)
Microsoft Security Essentials (http://www.microsoft.com/security_essentials/)
Support (http://go.microsoft.com/fwlink/?LinkID=153442)


Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Those you have now, provided you are using a firewall and install an antivirus program. Windows 7 has a built in firewall which is pretty good when set up. You can find some very good information HERE (http://www.addictivetips.com/windows-tips/windows-7-firewall-outbound-protection/).


You can use Spybot to install a Custom Hosts file.
1-Left-click the "Spybot - Search & Destroy" shortcut to open the program
2-Right-click an item in the list of immunizations and click "Deselect All."
3-Scroll down to the bottom of the list and click the checkbox to the left of "Global (Hosts)" under the "Windows" header.
4-Click "Immunize" on the Spybot toolbar.


-Secure your Internet Explorer you will need it to visit some MS sites.

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


- Make sure you have reset Windows Updates to your chosen option. Click your start button > Control Panel > System > Windows updates (lower left) > change settings


- Keep your antivirus program updated, as well as any other security programs you have.


-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)

Please post back if you have any problems.

Take care
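
The Internet Explorer zone settings listed above are stored per user in the registry, so they can be checked without clicking through the dialog. As an added example, not code from the thread or from Safer Networking, the following PowerShell script reads the Internet zone (zone 3) and reports each of the six settings the post recommends against its current value. It changes nothing. The numeric value names (1001, 1004, 1201, 1800, 1804, 1607) and the meaning of 0/1/3 are IE's own registry conventions and are not given in the post; the script assumes Windows PowerShell 2.0 or later on Windows 7 with IE 8 or 9.

```powershell
# Added example, not code from the thread or from Safer Networking: read-only
# audit of the IE 'Internet' zone settings recommended in the post above.
# Assumes Windows PowerShell 2.0+ and the per-user zone key used by IE 8/9.

$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Registry value name -> setting text and the value the post recommends.
# For these settings IE stores 0 = Enable, 1 = Prompt, 3 = Disable.
$recommended = @(
    @{ Name = '1001'; Desc = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Name = '1004'; Desc = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Name = '1201'; Desc = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Name = '1800'; Desc = 'Installation of desktop items';                             Want = 1 },
    @{ Name = '1804'; Desc = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Name = '1607'; Desc = 'Navigate sub-frames across different domains';              Want = 1 }
)
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IEInternetZone {
    $props = Get-ItemProperty -Path $zoneKey
    foreach ($s in $recommended) {
        $current = $props.($s.Name)              # dynamic property lookup by value name
        if ($current -eq $null) {
            $currentText = 'not set (zone default)'
        } else {
            $currentText = $label[[int]$current]
            if (-not $currentText) { $currentText = "$current" }
        }
        New-Object PSObject -Property @{
            Setting     = $s.Desc
            Current     = $currentText
            Recommended = $label[$s.Want]
            Matches     = ($current -eq $s.Want)
        }
    }
}

Test-IEInternetZone | Format-Table Setting, Current, Recommended, Matches -AutoSize
```

A setting that is "not set" takes the zone's default, which for the Medium-High Internet zone is not the same as the recommended value in every case, so treat a "not set" row as unverified rather than as a pass. Re-run the script after making the changes in the dialog to confirm they took effect for the current user.
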

aritus
2012-04-25, 03:18
Thanks a lot for your help. :)

I know this sounds kind of dumb but I am actually glad this happened as I have learned a few new things and gained better insight on things that I thought I already knew. :)

I have to disagree with you on IE 8/9 though and I'll gladly tell you why. Set IE and FireFox home pages to Google and close both out. Run Spybot S&D and make sure it doesn't detect any thing (cookies included). If you disable your security and bring up Firefox (just to the google homepage, nowhere else) then close it out and run another scan the results will still be clean. If you disable your security and bring up IE (again just to the google home page) and close it out then do another scan you'll immediately discover AdawareTracking or some derivative of that name. I have cookies disabled on both browsers. In my personal opinion, if IE can't even block a simple cookie on its own, it is not a safe browser. Even if a later version of IE than the one I have fixed this problem it is still the most widely used browser and I'm certain that more malware is written for it than any other on the market, albeit that may change in a few years when everyone switches to Chrome.

Maybe I'm just paranoid, maybe I'm stubborn, but that's my opinion. I don't even use facebook or myspace because I've proven that it is ridiculously easy to get all sorts of malware from those places and while a good anti-virus might keep them out, why risk the chance of being the first one to catch the latest virus that updates haven't detected yet?

Thanks again for all your help! :) I do have another question though, and if you prefer I search another section of this forum for the answer I will understand.

With Spybot S&D 2 out is Spybot S&D obsolete?

aritus
2012-04-25, 03:21
sorry to double post but..

you said you didn't find any antivirus on my system... does Spybot 2 Antispyware Protection not count?

oldman960
2012-04-25, 05:08
Hi aritus,

You're welcome.


does Spybot 2 Antispyware Protection not count?
The key is AntiSpyware. Spybot is not an antivirus program. They do different things, though sometimes overlap. They can be used together to form a layered protection system.

Too many programs, IMO, use the detection of "Tracking" cookies as sales pitch. Look at what I found and saved you from. If it was really nasty don't you think the tool should either block it or remove it automatically? Cookies are not particularly dangerous, I know I have one set for this forum because I'm too lazy to sign in each time I come here. There's some good cookie information HERE (http://webdesign.about.com/od/cookies/a/aa021506.htm) and HERE (http://webdesign.about.com/cs/cookies/a/aa071300a.htm).

As for IE8 and 9


Internet Explorer 8
Click "Safety" on the Command bar
Select "Delete Browsing History"
Select the option for cookies and click Delete
Alternatively, Internet Explorer 8's new InPrivate browsing feature allows users to browse the internet without recording information from visited sites (including cookies). To use InPrivate mode:

Click "Safety" on the Command bar
Select "InPrivate Browsing"
http://www.aboutcookies.org/Default.aspx?page=2

There is also information for other browsers in the above link.

Chrome is not invulnerable and is just as easily hijacked as other browsers.

I agree with you on FaceBook and other social sites. There is far too much unmonitored content. In this day of social engineering it's very easy to get the curious or morbid to click on a link to view the latest disaster or whatever might grab a viewer's attention.

Security programs will always play catch up. First the malware then the detection. You need to ask yourself is it worth the risk of not being protected against still unwritten malware and known malware or at least being protected against known malware.

SpyBot is not obsolete but will probably be phased out once SB2 is ready. As far as I know 1.6.2 is the current version and SB2 is still in Beta testing.
http://www.safer-networking.org/en/home/index.html

Take care.

aritus
2012-04-27, 04:10
insightful. (but I still won't use IE.. call me stubborn if you want)

I agree on the antivirus bit. In my ignorance I had thought AntiSpyware was just another name for it.:oops:

I am still a little shocked by the hijack but I think I know where it came from. I had downloaded several lesser known browsers recently. When this started happening I removed everything I recently downloaded and performed scans etc etc but at the time didn't put effect together with cause.

I think I'll be sticking with FireFox for a long time. Like you said, they all have their vulnerabilities. I guess it's just a matter of personal opinion/comfort.

Thank you so much for your time and information.

Have a nice day.

(would say see you later but if that ever happens I would hope it on better circumstances) :)

oldman960
2012-04-27, 09:44
Hi aritus,

You are more than welcome.


I think I'll be sticking with FireFox for a long time. Like you said, they all have their vulnerabilities. I guess it's just a matter of personal opinion/comfort.
Yes that's what it pretty much comes down to. :bigthumb:

Take care.

oldman960
2012-04-29, 16:04
Since this issue appears to be resolved ... this Topic has been closed.