Thread: Hosts Hijack

  1. #1
    Junior Member
    Join Date
    Feb 2012
    Posts
    14

    Hosts Hijack

    Hello, bit of an annoyance here. I've been battling this problem for a while now and searched everything I can think of to fix it. My hosts file has been hijacked. I usually help others with this sort of problem so my first thoughts were that it wasn't a big deal and I'd just fix it myself. Several weeks later I come to this forum because I can't even edit my hosts file in safe mode without getting access denied.

    DDS log as per "Read Before Posting"

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
    Run by Roger at 21:47:45 on 2012-04-17
    Microsoft Windows 7 Home Premium 6.1.7600.0.932.81.1033.18.2812.1656 [GMT -4:00]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
    C:\Users\Roger\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Roger\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Palringo\palringo.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = Preserve
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360110d505l0304z1l5t49j2x232
    uInternet Settings,ProxyServer = http=127.0.0.1:50081
    uInternet Settings,ProxyOverride = *.local;<local>
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [JumiController]
    uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
    uRun: [Akamai NetSession Interface] "C:\Users\Roger\AppData\Local\Akamai\netsession_win.exe"
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: EnableShellExecuteHooks = 0 (0x0)
    mPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{194F9A23-5F53-4940-B86D-36EE0947E00B} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{194F9A23-5F53-4940-B86D-36EE0947E00B}\1553833535 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{194F9A23-5F53-4940-B86D-36EE0947E00B}\2456C6B696E6F574F575962756C6563737F5244473248353 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{194F9A23-5F53-4940-B86D-36EE0947E00B}\3747169737D6162747 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{194F9A23-5F53-4940-B86D-36EE0947E00B}\43F5F6C6D657E6B637 : DhcpNameServer = 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
    mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    Hosts: 108.163.215.51 www.google-analytics.com.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    Hosts: 108.163.215.51 www.statcounter.com.
    Hosts: 67.215.245.19 www.google-analytics.com.
    Hosts: 67.215.245.19 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\huk8dv93.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-11-5 844320]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-14 652360]
    R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-2-23 1181104]
    R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-5 240160]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-2-23 166528]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
    S3 jumi;%Jumi%;C:\Windows\system32\DRIVERS\jumi.sys --> C:\Windows\system32\DRIVERS\jumi.sys [?]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    S3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\system32\DRIVERS\Neo_0001.sys --> C:\Windows\system32\DRIVERS\Neo_0001.sys [?]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-2-23 1185704]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
    S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-21 1153368]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    S4 vpnclient;PacketiX VPN Client;C:\Program Files (x86)\PacketiX VPN Client English\vpnclient.exe [2008-5-15 2478080]
    .
    =============== Created Last 30 ================
    .
    2012-04-18 01:12:23 -------- d-----w- C:\Users\Roger\AppData\Local\{B0EE6845-A02F-45F7-AC29-4F3DBC675A2D}
    2012-04-18 01:12:10 -------- d-----w- C:\Users\Roger\AppData\Local\{561545E0-96A6-4149-8336-3762246030AC}
    2012-04-16 23:03:41 -------- d-----w- C:\Users\Roger\AppData\Local\{6206CA4F-68A7-454D-806E-CE2781284303}
    2012-04-16 23:03:28 -------- d-----w- C:\Users\Roger\AppData\Local\{66716546-0958-455A-A91D-632F4C688AA2}
    2012-04-15 22:39:18 -------- d-----w- C:\Users\Roger\AppData\Local\{98AEA568-EAA0-4AC7-A921-79D13BF32E13}
    2012-04-15 22:39:05 -------- d-----w- C:\Users\Roger\AppData\Local\{91D62BEE-CCF5-4239-B3AC-0FED25DA986C}
    2012-04-14 21:18:33 -------- d-----w- C:\Users\Roger\AppData\Local\{1ED158E6-BC20-4AD5-BFE3-595731E23755}
    2012-04-12 16:16:52 -------- d-----w- C:\Users\Roger\AppData\Local\{060FFCE7-3401-4CF3-B2FA-F6D650FE58AD}
    2012-04-11 23:40:02 -------- d-----w- C:\Users\Roger\AppData\Local\{D6A9E2E1-9E6E-4F6C-B128-9C0F22274E55}
    2012-04-11 01:26:13 -------- d-----w- C:\Users\Roger\AppData\Local\{401989FE-1CB8-480C-804C-BE6E7FAA6ABF}
    2012-04-10 00:18:38 -------- d-----w- C:\Users\Roger\AppData\Local\{9AE3D228-D649-492C-B96C-7D41FF4FD467}
    2012-04-08 17:50:54 -------- d-----w- C:\Users\Roger\AppData\Local\{FD975B7C-7E4F-4243-8EF3-CA453DA1870A}
    2012-04-07 21:51:04 -------- d-----w- C:\Users\Roger\AppData\Local\{F22C861F-B887-4CB5-97FB-56A6A76C3F9A}
    2012-04-07 09:50:39 -------- d-----w- C:\Users\Roger\AppData\Local\{C80C3F3C-1E2A-40DF-90F0-1AA2B156FCE8}
    2012-04-06 21:50:27 -------- d-----w- C:\Users\Roger\AppData\Local\{688202CF-623B-4812-92BE-7A79F84F6D6B}
    2012-04-06 21:41:12 -------- d-----w- C:\Program Files (x86)\Palringo
    2012-04-05 19:18:54 -------- d-----w- C:\Users\Roger\AppData\Local\{707319B0-56AC-40EB-8F1A-F3E960F5634F}
    2012-04-05 00:32:30 -------- d-----w- C:\Users\Roger\AppData\Local\{32D772A4-ECC1-4C9C-B565-B09644245595}
    2012-04-04 01:07:29 -------- d-----w- C:\Users\Roger\AppData\Local\{A43E1B90-9F55-4D5B-B1E2-8EA3B1C95790}
    2012-04-03 10:55:48 -------- d-----w- C:\Users\Roger\AppData\Local\{D9FED71C-2DEA-44F2-92B1-E8869AF193B3}
    2012-04-02 22:55:22 -------- d-----w- C:\Users\Roger\AppData\Local\{1B913A82-19D1-40CB-9274-5EF3E03D9C3B}
    2012-04-02 01:22:46 -------- d-----w- C:\Users\Roger\AppData\Local\{53A4CD5A-93B3-4091-A8A8-041423BD8322}
    2012-03-29 01:22:53 -------- d-----w- C:\Users\Roger\AppData\Local\{AFAB569C-D0D0-4894-B989-F75AAF24CD27}
    2012-03-26 01:05:45 -------- d-----w- C:\Users\Roger\AppData\Local\{C5DA689F-D492-452C-89CB-8614EE8CE5ED}
    2012-03-26 01:05:30 -------- d-----w- C:\Users\Roger\AppData\Local\{810E81B0-E923-4B4A-AB4F-5DE980B97855}
    2012-03-25 02:18:41 -------- d-----w- C:\Users\Roger\AppData\Local\{147A021E-77E2-4406-B2B2-B4A45EEB3F36}
    2012-03-23 15:31:07 -------- d-----w- C:\Users\Roger\AppData\Local\{ECCBA241-E68D-4073-892D-F67E42398734}
    2012-03-23 15:30:53 -------- d-----w- C:\Users\Roger\AppData\Local\{3E247D0A-61A4-4315-820A-43A4CFA46EE4}
    2012-03-23 15:00:48 -------- d-----w- C:\Program Files (x86)\Koei
    2012-03-23 02:23:34 -------- d-----w- C:\Users\Roger\AppData\Local\{7E0C8815-7687-4325-85C3-C62014A0349C}
    2012-03-23 02:23:19 -------- d-----w- C:\Users\Roger\AppData\Local\{555C8E2A-63D6-4DA0-8907-5852E54922B1}
    2012-03-22 14:22:33 -------- d-----w- C:\Users\Roger\AppData\Local\{C5771DA1-1B6B-49F6-B544-D70D58DDC86D}
    2012-03-22 14:22:17 -------- d-----w- C:\Users\Roger\AppData\Local\{68265630-3595-4073-9456-EC937973D534}
    2012-03-22 02:21:43 -------- d-----w- C:\Users\Roger\AppData\Local\{B802B1D6-9F0C-4793-B26F-BE46BC136038}
    2012-03-22 02:21:30 -------- d-----w- C:\Users\Roger\AppData\Local\{BA031877-209E-4B1C-A5A3-29EDD05AEAF6}
    2012-03-21 14:20:49 -------- d-----w- C:\Users\Roger\AppData\Local\{9FF791C7-ABCF-45B5-8F2C-E2FAE8B6CA28}
    2012-03-21 14:20:28 -------- d-----w- C:\Users\Roger\AppData\Local\{402FC02C-4C5F-4A1D-BAE5-B9D5DFED244F}
    2012-03-21 02:20:06 -------- d-----w- C:\Users\Roger\AppData\Local\{140F1AE6-2D97-40A1-80F1-E81733902444}
    2012-03-21 02:19:52 -------- d-----w- C:\Users\Roger\AppData\Local\{3D7D0E03-CB89-41D6-BA48-2006E13CFD81}
    2012-03-20 14:16:42 -------- d-----w- C:\Users\Roger\AppData\Local\{05034373-57FC-4897-98B4-424B529171BA}
    2012-03-20 14:15:14 -------- d-----w- C:\Users\Roger\AppData\Local\{C4DF83B3-9B2D-4E6A-9C19-B5EF3866FCEF}
    2012-03-20 02:13:52 -------- d-----w- C:\Users\Roger\AppData\Local\{55D903E0-F451-4309-9767-F796A79A2798}
    2012-03-20 02:13:40 -------- d-----w- C:\Users\Roger\AppData\Local\{E748DF1F-E14F-4278-B143-304189019574}
    2012-03-19 14:10:16 -------- d-----w- C:\Users\Roger\AppData\Local\{78E58416-61DD-44C2-B942-BF710146DF42}
    2012-03-19 14:09:10 -------- d-----w- C:\Users\Roger\AppData\Local\{57B0A42C-9117-4E45-B95D-8C8531132823}
    2012-03-19 02:08:46 -------- d-----w- C:\Users\Roger\AppData\Local\{1B944DEB-8B85-432D-BC5D-EA47D03D2314}
    2012-03-19 02:08:16 -------- d-----w- C:\Users\Roger\AppData\Local\{CEB3455F-5025-4A59-BEEE-EA16255C7E98}
    .
    ==================== Find3M ====================
    .
    2012-02-29 05:51:21 1293089208 ----a-w- C:\Users\Roger\SilkroadOnline_SROROfficial_v1_014.exe
    2012-02-19 13:48:27 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 21:49:35.44 ===============


    Here's hoping that you post back soon.

    Some extra, possibly needed, information.

    I have run S&D multiple times, SUPERantispyware, Malwarebytes, and Hijack This.

  2. #2
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi aritus, welcome to the forum.

    To make cleaning this machine easier
    • Please do not uninstall/install any programs unless asked to
      It is more difficult when files/programs are appearing in/disappearing from the logs.
    • Please do not run any scans other than those requested
    • Please follow all instructions in the order posted
    • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
    • Do not attach any logs/reports, etc. unless specifically requested to do so.
    • If you have problems with or do not understand the instructions, please ask before continuing.
    • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.



    This usually gets you past some of the Win7 security.

    Click Start
    • in the Search box type notepad
    • notepad will appear at the top of the list
    • right click it and click "Run as Administrator"
    • Ok it to run
    • in the notepad that opens click file, click open
    • change the box in the lower right to All files (*.*)
    • change the encoding box to ANSI
    • navigate to c:\Windows\System32\drivers\etc\hosts
    • click open
    • delete these lines
    Did the Hosts open?


    This stuff usually comes along with friends.

    Download OTL to your desktop.
    • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output
    • Check the boxes beside LOP Check and Purity Check.
    • In the window under Custom Scans/Fixes copy and paste the following


      netsvcs
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %PROGRAMFILES%\Internet Explorer\*.dat
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      /md5start
      iexplore.*
      explorer.*
      winlogon.*
      dll
      zx.dll
      hlp.dat
      consrv.dll
      /md5stop

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.



    Download aswMBR.exe (511KB) to your desktop.

    Double click the aswMBR.exe to run it

    If asked to download Avast's definitions please do so.

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply


    There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

    Please post back with
    • both OTL logs
    • aswMBR log
    • mbr.zip (attached)
    Member of UNITE and ASAP

  3. #3
    Junior Member
    Join Date
    Feb 2012
    Posts
    14

    OTL logfile created on: 4/19/2012 11:12:57 PM - Run 1
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Roger\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 61.60% Memory free
    5.49 Gb Paging File | 4.23 Gb Available in Paging File | 77.07% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 136.95 Gb Total Space | 19.24 Gb Free Space | 14.05% Space Free | Partition Type: NTFS

    Computer Name: ROGER-PC | User Name: Roger | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Roger\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\Palringo\palringo.exe (Palringo Limited)
    PRC - C:\Users\Roger\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
    PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
    PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll ()
    MOD - C:\Program Files (x86)\Palringo\libspeex.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
    SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
    SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll ()
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
    SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (vpnclient) -- C:\Program Files (x86)\PacketiX VPN Client English\vpnclient.exe (SoftEther Corporation)
    SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe ()


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (Neo_VPN) -- C:\Windows\SysNative\drivers\Neo_0001.sys (SoftEther Corporation)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
    DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
    DRV:64bit: - (jumi) -- C:\Windows\SysNative\drivers\jumi.sys (Windows (R) Codename Longhorn DDK provider)
    DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
    DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
    DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
    DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
    DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.)
    DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...4z1l5t49j2x232
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...4z1l5t49j2x232
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...4z1l5t49j2x232
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://findgala.com/?&uid=5757&q={searchTerms}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50081

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/16 23:05:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/19 01:19:27 | 000,000,000 | ---D | M]

    [2012/02/15 16:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roger\AppData\Roaming\Mozilla\Extensions
    [2012/02/19 01:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roger\AppData\Roaming\Mozilla\SeaMonkey\Profiles\3nqb6ujo.default\extensions
    [2012/02/15 16:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/03/16 23:05:52 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/08 13:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/02/08 13:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/02/14 01:09:40 | 000,001,398 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 108.163.215.51 www.google-analytics.com.
    O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    O1 - Hosts: 108.163.215.51 www.statcounter.com.
    O1 - Hosts: 67.215.245.19 www.google-analytics.com.
    O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
    O1 - Hosts: 67.215.245.19 www.statcounter.com.
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Roger\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
    O4 - HKCU..\Run: [JumiController] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{194F9A23-5F53-4940-B86D-36EE0947E00B}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/19 22:46:26 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Roger\Desktop\OTL.exe
    [2012/04/19 22:34:24 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{FCA1B7BB-444E-4336-8F66-D9A1AF180E04}
    [2012/04/19 22:34:12 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{9AC3B0A0-9580-42D6-A413-B3514CA22868}
    [2012/04/18 22:50:22 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{3C9C9AAA-309E-4C0E-B0C2-337680252A5E}
    [2012/04/18 22:50:09 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{8257B05B-E610-4CDC-A8BC-3FCED0E13F35}
    [2012/04/17 21:12:23 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{B0EE6845-A02F-45F7-AC29-4F3DBC675A2D}
    [2012/04/17 21:12:10 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{561545E0-96A6-4149-8336-3762246030AC}
    [2012/04/16 19:03:41 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{6206CA4F-68A7-454D-806E-CE2781284303}
    [2012/04/16 19:03:28 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{66716546-0958-455A-A91D-632F4C688AA2}
    [2012/04/15 18:39:18 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{98AEA568-EAA0-4AC7-A921-79D13BF32E13}
    [2012/04/15 18:39:05 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{91D62BEE-CCF5-4239-B3AC-0FED25DA986C}
    [2012/04/14 17:18:33 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{1ED158E6-BC20-4AD5-BFE3-595731E23755}
    [2012/04/12 12:16:52 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{060FFCE7-3401-4CF3-B2FA-F6D650FE58AD}
    [2012/04/11 19:40:02 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{D6A9E2E1-9E6E-4F6C-B128-9C0F22274E55}
    [2012/04/10 21:26:13 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{401989FE-1CB8-480C-804C-BE6E7FAA6ABF}
    [2012/04/09 20:18:38 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{9AE3D228-D649-492C-B96C-7D41FF4FD467}
    [2012/04/08 13:50:54 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{FD975B7C-7E4F-4243-8EF3-CA453DA1870A}
    [2012/04/07 17:51:04 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{F22C861F-B887-4CB5-97FB-56A6A76C3F9A}
    [2012/04/07 05:50:39 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{C80C3F3C-1E2A-40DF-90F0-1AA2B156FCE8}
    [2012/04/06 17:50:27 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{688202CF-623B-4812-92BE-7A79F84F6D6B}
    [2012/04/06 17:41:12 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Palringo
    [2012/04/06 17:41:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Palringo
    [2012/04/05 15:18:54 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{707319B0-56AC-40EB-8F1A-F3E960F5634F}
    [2012/04/04 20:32:30 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{32D772A4-ECC1-4C9C-B565-B09644245595}
    [2012/04/03 21:07:29 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{A43E1B90-9F55-4D5B-B1E2-8EA3B1C95790}
    [2012/04/03 06:55:48 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{D9FED71C-2DEA-44F2-92B1-E8869AF193B3}
    [2012/04/02 18:55:22 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{1B913A82-19D1-40CB-9274-5EF3E03D9C3B}
    [2012/04/01 21:22:46 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{53A4CD5A-93B3-4091-A8A8-041423BD8322}
    [2012/03/28 21:22:53 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{AFAB569C-D0D0-4894-B989-F75AAF24CD27}
    [2012/03/25 21:05:45 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{C5DA689F-D492-452C-89CB-8614EE8CE5ED}
    [2012/03/25 21:05:30 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{810E81B0-E923-4B4A-AB4F-5DE980B97855}
    [2012/03/25 08:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
    [2012/03/24 22:18:41 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{147A021E-77E2-4406-B2B2-B4A45EEB3F36}
    [2012/03/23 12:23:43 | 000,000,000 | ---D | C] -- C:\Users\Roger\Documents\KOEI
    [2012/03/23 11:31:07 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{ECCBA241-E68D-4073-892D-F67E42398734}
    [2012/03/23 11:30:53 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{3E247D0A-61A4-4315-820A-43A4CFA46EE4}
    [2012/03/23 11:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Koei
    [2012/03/23 11:00:11 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Koei
    [2012/03/23 07:20:05 | 000,000,000 | ---D | C] -- C:\Users\Roger\Desktop\SSMOInstaller
    [2012/03/23 07:19:25 | 000,478,312 | ---- | C] (株式会社 コーエーテクモゲームス) -- C:\Users\Roger\Desktop\SSMOStarter.exe
    [2012/03/22 22:23:34 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{7E0C8815-7687-4325-85C3-C62014A0349C}
    [2012/03/22 22:23:19 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{555C8E2A-63D6-4DA0-8907-5852E54922B1}
    [2012/03/22 10:22:33 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{C5771DA1-1B6B-49F6-B544-D70D58DDC86D}
    [2012/03/22 10:22:17 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{68265630-3595-4073-9456-EC937973D534}
    [2012/03/21 22:21:43 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{B802B1D6-9F0C-4793-B26F-BE46BC136038}
    [2012/03/21 22:21:30 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{BA031877-209E-4B1C-A5A3-29EDD05AEAF6}
    [2012/03/21 10:20:49 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{9FF791C7-ABCF-45B5-8F2C-E2FAE8B6CA28}
    [2012/03/21 10:20:28 | 000,000,000 | ---D | C] -- C:\Users\Roger\AppData\Local\{402FC02C-4C5F-4A1D-BAE5-B9D5DFED244F}
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/19 22:53:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/19 22:46:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Roger\Desktop\OTL.exe
    [2012/04/19 22:23:45 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/19 22:23:45 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/19 22:21:14 | 000,869,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/04/19 22:21:14 | 000,716,960 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/04/19 22:21:14 | 000,144,982 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/04/19 22:16:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/19 22:16:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/19 22:16:06 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/15 19:42:31 | 000,195,388 | ---- | M] () -- C:\Users\Roger\Desktop\Untitled.png
    [2012/04/08 20:40:05 | 000,003,548 | ---- | M] () -- C:\Users\Roger\Documents\Three Faces of Quantrill.rtf
    [2012/03/26 08:03:36 | 000,001,301 | ---- | M] () -- C:\Windows\wininit.ini
    [2012/03/23 11:00:11 | 000,001,888 | ---- | M] () -- C:\Users\Roger\Desktop\真・三國無双 Online.lnk
    [2012/03/23 07:19:29 | 000,478,312 | ---- | M] (株式会社 コーエーテクモゲームス) -- C:\Users\Roger\Desktop\SSMOStarter.exe
    [2012/03/21 22:35:45 | 000,365,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/15 19:42:31 | 000,195,388 | ---- | C] () -- C:\Users\Roger\Desktop\Untitled.png
    [2012/04/08 20:20:58 | 000,003,548 | ---- | C] () -- C:\Users\Roger\Documents\Three Faces of Quantrill.rtf
    [2012/03/23 11:00:11 | 000,001,888 | ---- | C] () -- C:\Users\Roger\Desktop\真・三國無双 Online.lnk
    [2012/02/20 22:53:08 | 000,000,017 | ---- | C] () -- C:\Users\Roger\AppData\Local\resmon.resmoncfg
    [2012/02/13 23:47:02 | 000,000,000 | ---- | C] () -- C:\Users\Roger\AppData\Local\{6E8214EB-F050-4AAD-9EA9-586718DD0119}
    [2011/07/21 16:12:37 | 000,001,301 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/07/21 00:39:55 | 000,772,430 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/06/21 15:06:26 | 000,155,648 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2010/08/08 11:21:51 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe

    ========== LOP Check ==========

    [2011/08/15 20:24:03 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\2XClient
    [2012/02/15 00:35:19 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\30FB9
    [2010/01/31 10:47:27 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\Acer
    [2010/08/08 11:37:28 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\Cakewalk
    [2011/09/26 22:09:51 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\fltk.org
    [2011/07/21 15:13:28 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\GetRightToGo
    [2010/01/31 10:47:27 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\Leadertech
    [2011/10/02 20:19:47 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\MotioninJoy
    [2010/10/16 13:15:21 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\OpenOffice.org
    [2011/08/21 22:45:52 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\SPORE
    [2011/09/12 22:25:53 | 000,000,000 | ---D | M] -- C:\Users\Roger\AppData\Roaming\TS3Client
    [2011/11/17 23:12:18 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2009/11/05 15:47:05 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2012/04/19 22:16:06 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2011/08/15 20:45:08 | 000,027,350 | ---- | M] () -- C:\Jumi.Log
    [2011/08/20 00:15:04 | 000,002,918 | -H-- | M] () -- C:\Jumi.Log.Run
    [2012/02/15 15:25:09 | 000,268,785 | ---- | M] () -- C:\MGlogs.zip
    [2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2012/04/19 22:16:05 | 2948,648,960 | -HS- | M] () -- C:\pagefile.sys
    [2011/07/01 09:41:17 | 000,013,516 | ---- | M] () -- C:\Readme and Credits.txt
    [2009/11/05 15:57:50 | 000,002,051 | ---- | M] () -- C:\RHDSetup.log
    [2012/02/15 08:10:15 | 000,080,640 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_15.02.2012_07.09.02_log.txt
    [2012/02/15 08:13:49 | 000,077,842 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_15.02.2012_07.13.04_log.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI
    [2010/03/19 19:55:52 | 002,073,703 | ---- | M] () -- C:\VS_EXPBSLN_x64_enu.CAB
    [2010/03/19 19:58:20 | 000,551,424 | ---- | M] () -- C:\VS_EXPBSLN_x64_enu.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/13 16:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2010/05/12 19:55:18 | 000,000,984 | ---- | M] () -- C:\Program Files (x86)\INSTALL.LOG

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.līk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/19 22:46:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Roger\Desktop\OTL.exe
    [2012/03/23 07:19:29 | 000,478,312 | ---- | M] (株式会社 コーエーテクモゲームス) -- C:\Users\Roger\Desktop\SSMOStarter.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    < MD5 for: EXPLORER.ADML >
    [2009/07/13 22:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

    < MD5 for: EXPLORER.ADMX >
    [2009/06/10 16:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

    < MD5 for: EXPLORER.EXE >
    [2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
    [2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2012/02/07 18:19:30 | 003,149,736 | ---- | M] (Safer-Networking Ltd.) MD5=511D1BEF41D4A018501139F409DE5ED6 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
    [2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

    < MD5 for: EXPLORER.EXE.MUI >
    [2009/07/13 22:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
    [2009/07/13 22:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
    [2009/07/13 22:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
    [2009/07/13 22:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

    < MD5 for: EXPLORER.EXE-D5E97654.PF >
    [2012/04/09 23:01:49 | 000,028,124 | ---- | M] () MD5=BFE8CC665FB5DD32215D28F9EA454422 -- C:\Windows\Prefetch\EXPLORER.EXE-D5E97654.pf

    < MD5 for: IEXPLORE.EXE >
    [2011/04/22 16:15:52 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=281C23EC5BCB1853A5D571F1A6E52FB1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_101e7c5957724e1d\iexplore.exe
    [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
    [2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
    [2011/04/22 15:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=64EFAF916C4009F1B84153D0BB491FB0 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    [2011/04/22 15:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=64EFAF916C4009F1B84153D0BB491FB0 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_1a0bc6f6729d1c7b\iexplore.exe
    [2011/04/22 16:16:25 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D6F57A9ECB4606076FB9519D1698FCBA -- C:\Program Files\Internet Explorer\iexplore.exe
    [2011/04/22 16:16:25 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D6F57A9ECB4606076FB9519D1698FCBA -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_0fb71ca43e3c5a80\iexplore.exe
    [2009/07/13 21:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
    [2011/04/22 15:11:29 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=F94877A94996B3C12BB31AD722840457 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_1a7326ab8bd31018\iexplore.exe

    < MD5 for: IEXPLORE.EXE.MUI >
    [2009/07/13 22:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
    [2009/07/13 22:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
    [2009/07/13 22:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
    [2009/07/13 22:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui

    < MD5 for: IEXPLORE.EXE-A033F7A0.PF >
    [2012/04/14 23:54:10 | 000,136,650 | ---- | M] () MD5=C2CAFB224F70D3174C36387A7DCA7E6E -- C:\Windows\Prefetch\IEXPLORE.EXE-A033F7A0.pf

    < MD5 for: WINLOGON.ADML >
    [2009/07/13 22:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

    < MD5 for: WINLOGON.ADMX >
    [2009/06/10 17:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

    < MD5 for: WINLOGON.EXE >
    [2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
    [2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < MD5 for: WINLOGON.EXE.MUI >
    [2009/07/13 22:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\SysNative\en-US\winlogon.exe.mui
    [2009/07/13 22:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui

    < MD5 for: WINLOGON.MFL >
    [2009/07/13 22:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
    [2009/07/13 22:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

    < MD5 for: WINLOGON.MOF >
    [2009/07/13 16:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
    [2009/07/13 16:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

    < End of report >

  4. #4
    Junior Member
    Join Date
    Feb 2012
    Posts
    14

    OTL Extras logfile created on: 4/19/2012 11:12:57 PM - Run 1
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Roger\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 61.60% Memory free
    5.49 Gb Paging File | 4.23 Gb Available in Paging File | 77.07% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 136.95 Gb Total Space | 19.24 Gb Free Space | 14.05% Space Free | Partition Type: NTFS

    Computer Name: ROGER-PC | User Name: Roger | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ACCA82EB-7088-919E-5E1C-100A24F11CCF}" = ATI Catalyst Install Manager
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
    "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    "{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{E2FCA441-6D7B-CD78-3ADF-42EA9FA06065}" = ccc-utility64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TeamSpeak 3 Client" = TeamSpeak 3 Client

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "????" = ????
    "{01670638-5575-4B29-9072-052889773822}" = 真・三國無双 Online
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{183F0908-AD5E-8B3B-5F06-28B1A8C65C62}" = CCC Help Japanese
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
    "{1E0996AC-FE12-46E5-ADB5-4C2E68471B5A}_is1" = Scarlet Legacy
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{23E9588B-05ED-BC2F-EB69-101A96511EF1}" = ccc-core-static
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{2484D1EA-CBA4-60BB-82B9-F8477D25C47A}" = CCC Help Dutch
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
    "{29802D65-9514-DB20-36CD-E47A94C8AEB9}" = Catalyst Control Center Graphics Full Existing
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2F61E9D7-CD05-643E-A04E-CC1A8B6610BA}" = CCC Help Finnish
    "{2FA3CDD8-1436-497D-6339-789936561E99}" = CCC Help German
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34123E80-BE96-6282-1167-6696730AF6D2}" = CCC Help Korean
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3CFB26F6-151E-4148-96EE-853A6B7A1EC9}" = Dark Basic Professional CD 1.058 Upgrade
    "{3D20EF26-2E9A-D388-851D-E7675BBACFF5}" = Catalyst Control Center Core Implementation
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4024F49B-65D4-D6B2-2A1D-6DBF6F09F181}" = CCC Help Greek
    "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
    "{49A63237-FD38-AE77-6DF6-FFB41499A4E6}" = CCC Help Hungarian
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{4F0FC827-B693-F166-612E-EA89D798540C}" = CCC Help Chinese Traditional
    "{52FBF90E-D2EF-A2A3-1CCA-6984596B1B02}" = CCC Help English
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{628CBFE4-3823-67FB-26D2-566899C3BB5C}" = CCC Help Italian
    "{63F26DAE-CB0D-98B6-3019-D4FC3D0DD203}" = Catalyst Control Center InstallProxy
    "{652EB559-6865-DEF4-2409-D506963C15FD}" = CCC Help Polish
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
    "{68987945-A387-4C25-0C59-21F2AF657E65}" = CCC Help Thai
    "{6B45E33B-6BB4-234B-2F5F-65B1A103801D}" = CCC Help Russian
    "{6B99737C-9FDC-50F9-C9A4-AB7DA5C9A336}" = Catalyst Control Center Graphics Full New
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7BE74C0E-F300-D0A6-780B-C93BB78DE58C}" = CCC Help Norwegian
    "{7E75ACC5-B0EC-7006-183A-374974019911}" = Catalyst Control Center Graphics Light
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{96F984FA-F7CF-4C3C-B850-F8D8CCA7D028}" = Dark Basic Professional 1.066 Upgrade
    "{97124B44-C17B-C352-44B1-403D0D706173}" = CCC Help Czech
    "{9769365A-CCB5-4E36-8803-042DA23C30CA}" = Dark Basic Professional Online
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ACA8261-11D1-F8A1-C154-7F8B23515C79}" = CCC Help Swedish
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9574A7E-C024-EED1-7A81-CC4786A1915A}" = CCC Help Portuguese
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA32D2A6-1299-0F05-BF8D-04075A9F69EB}" = CCC Help Turkish
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{BCC05B1F-7397-799A-9EDB-AC10123BB17A}" = CCC Help Chinese Standard
    "{BEF4FD8A-29FF-C250-468A-5FC55F0E3451}" = Catalyst Control Center Localization All
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF7A62B6-F712-412E-9914-D80033A7F8B8}" = Catalyst Control Center - Branding
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D41301F8-90FD-9CE8-CD2C-ED2B9D5F07E3}" = CCC Help Spanish
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D43AD08C-BE76-8C5B-FD90-4B665EF60E2E}" = CCC Help Danish
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DA4CA661-5ABF-9218-6E42-84BF89F43655}" = CCC Help French
    "{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1" = Rappelz_US
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F26E2781-2E22-4485-A33A-6F3E322A3F2D}" = PacketiX VPN Client (English)
    "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
    "{F34EE6D2-9356-4294-B3B3-AE04428C8C43}_is1" = Remote Mouse version 1.09
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "3D World Studio_is1" = 3D World Studio 5.52
    "7-Zip" = 7-Zip 4.42
    "Acer Assist" = Acer Assist
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Akamai" = Akamai NetSession Interface Service
    "ASIO4ALL" = ASIO4ALL
    "Cakewalk VST Adapter 4" = Cakewalk VST Adapter 4
    "Cakewalk VST Adapter 4.4.4.0" = Cakewalk VST Adapter 4.4.4.0
    "Caligari trueSpace7.6_is1" = Uninstall trueSpace7.6
    "Cartography Shop_is1" = Cartography Shop Free
    "CharacterFX" = CharacterFX (remove only)
    "CleanUp!" = CleanUp!
    "Deep Paint" = Deep Paint
    "DreamStation DXi2" = DreamStation DXi2
    "Dynasty Warriors Online" = Dynasty Warriors Online
    "EarthSculptor_is1" = EarthSculptor 1.05
    "fragMOTION 0.9.5_is1" = fragMOTION 0.9.5
    "fragMOTION SDK_is1" = fragMOTION SDK 0.8.5
    "Fraps" = Fraps (remove only)
    "gile[s]_is1" = gile[s] V1.36
    "GridVista" = Acer GridVista
    "HijackThis" = HijackThis 1.99.1
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Identity Card" = Identity Card
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "Kingdom Heroes" = Kingdom Heroes
    "LManager" = Launch Manager
    "Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
    "Mabinogi Frontend" = Mabinogi Frontend
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "MeshLab" = MeshLab 1.1.1
    "Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
    "Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "Palringo" = Palringo
    "SilkroadR" = SilkroadR
    "SONAR Home Studio 4" = SONAR Home Studio 4
    "ST6UNST #1" = Media Copy v1.1
    "Star Trek Online" = Star Trek Online
    "tree[d]_is1" = tree[d] V3.0
    "Ultimate Unwrap3D Pro 3.15_is1" = Ultimate Unwrap3D Pro 3.15
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Messenger" = Yahoo! Messenger
    "YTdetect" = Yahoo! Detect

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/24/2012 10:50:08 AM | Computer Name = Roger-PC | Source = Application Hang | ID = 1002
    Description = The program DWOnline.bin version 2.200.0.0 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: c48 Start
    Time: 01ccf300eae93a98 Termination Time: 111 Application Path: C:\AeriaGames\DynastyWarriorsOnline\DWOnline.bin

    Report
    Id:

    Error - 2/24/2012 10:55:40 AM | Computer Name = Roger-PC | Source = Application Hang | ID = 1002
    Description = The program DWOnline.bin version 2.200.0.0 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 118c Start
    Time: 01ccf303a33a0982 Termination Time: 129 Application Path: C:\AeriaGames\DynastyWarriorsOnline\DWOnline.bin

    Report
    Id:

    Error - 2/24/2012 11:16:32 AM | Computer Name = Roger-PC | Source = Application Hang | ID = 1002
    Description = The program DWOnline.bin version 2.200.0.0 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: c7c Start
    Time: 01ccf3060ae919cd Termination Time: 258 Application Path: C:\AeriaGames\DynastyWarriorsOnline\DWOnline.bin

    Report
    Id:

    Error - 2/24/2012 11:50:43 AM | Computer Name = Roger-PC | Source = Application Hang | ID = 1002
    Description = The program DWOnline.bin version 2.200.0.0 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 290 Start
    Time: 01ccf30759dca689 Termination Time: 254 Application Path: C:\AeriaGames\DynastyWarriorsOnline\DWOnline.bin

    Report
    Id:

    Error - 2/24/2012 2:40:08 PM | Computer Name = Roger-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: YahooMessenger.exe, version: 10.0.0.1270,
    time stamp: 0x4c053ffe Faulting module name: ymsdk.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x4c0540c3 Exception code: 0xc0000005 Fault offset: 0x60f98630 Faulting
    process id: 0x480 Faulting application start time: 0x01ccf2aa3a272804 Faulting application
    path: C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe Faulting module
    path: ymsdk.dll Report Id: f93f1b8f-5f16-11e1-9ae2-00235a728c15

    Error - 2/24/2012 3:16:53 PM | Computer Name = Roger-PC | Source = Application Hang | ID = 1002
    Description = The program DWOnline.bin version 2.200.0.0 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 6bc Start
    Time: 01ccf30c18a032f3 Termination Time: 152 Application Path: C:\AeriaGames\DynastyWarriorsOnline\DWOnline.bin

    Report
    Id:

    Error - 2/25/2012 1:04:03 PM | Computer Name = Roger-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 2/26/2012 1:40:58 AM | Computer Name = Roger-PC | Source = Application Hang | ID = 1002
    Description = The program gimp-2.6.exe version 0.0.0.0 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1264 Start
    Time: 01ccf448e3bcbb42 Termination Time: 132 Application Path: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe

    Report
    Id: 71dd7410-603c-11e1-b05b-00235a728c15

    Error - 2/28/2012 1:56:12 AM | Computer Name = Roger-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 3/2/2012 9:32:45 AM | Computer Name = Roger-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    [ Media Center Events ]
    Error - 3/19/2010 8:25:28 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
    Description = 8:25:28 PM - Error connecting to the internet. 8:25:28 PM - Unable
    to contact server..

    Error - 3/19/2010 8:25:42 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
    Description = 8:25:33 PM - Error connecting to the internet. 8:25:33 PM - Unable
    to contact server..

    Error - 3/21/2010 5:18:25 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
    Description = 5:18:25 PM - Error connecting to the internet. 5:18:25 PM - Unable
    to contact server..

    Error - 3/21/2010 5:18:37 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
    Description = 5:18:30 PM - Error connecting to the internet. 5:18:30 PM - Unable
    to contact server..

    Error - 3/22/2010 8:03:25 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
    Description = 8:03:25 PM - Failed to retrieve Directory (Error: Unable to connect
    to the remote server)

    Error - 3/22/2010 8:04:29 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
    Description = 8:04:08 PM - Failed to retrieve NetTV (Error: Unable to connect to
    the remote server)

    Error - 3/22/2010 8:05:11 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
    Description = 8:04:50 PM - Failed to retrieve MCEClientUX (Error: Unable to connect
    to the remote server)

    Error - 3/22/2010 8:05:53 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
    Description = 8:05:32 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
    to the remote server)

    Error - 3/22/2010 8:06:35 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
    Description = 8:06:14 PM - Failed to retrieve SportsV2 (Error: Unable to connect
    to the remote server)

    Error - 3/22/2010 8:07:03 PM | Computer Name = Roger-PC | Source = MCUpdate | ID = 0
    Description = 8:06:56 PM - Failed to retrieve Broadband (Error: Unable to connect
    to the remote server)

    [ System Events ]
    Error - 4/17/2012 9:05:10 PM | Computer Name = Roger-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 4/18/2012 10:13:23 PM | Computer Name = Roger-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 4/18/2012 10:13:23 PM | Computer Name = Roger-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 4/18/2012 10:13:43 PM | Computer Name = Roger-PC | Source = Service Control Manager | ID = 7003
    Description = The Spybot-S&D 2 Security Center Service service depends the following
    service: wscsvc. This service might not be installed.

    Error - 4/18/2012 10:13:49 PM | Computer Name = Roger-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    TfFsMon TfSysMon

    Error - 4/18/2012 10:14:00 PM | Computer Name = Roger-PC | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 4/19/2012 10:16:11 PM | Computer Name = Roger-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 4/19/2012 10:16:11 PM | Computer Name = Roger-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 4/19/2012 10:16:31 PM | Computer Name = Roger-PC | Source = Service Control Manager | ID = 7003
    Description = The Spybot-S&D 2 Security Center Service service depends the following
    service: wscsvc. This service might not be installed.

    Error - 4/19/2012 10:16:39 PM | Computer Name = Roger-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    TfFsMon TfSysMon


    < End of report >

    The hosts file would open but wouldn't save even when running notepad as administrator from CMD.

  5. #5
    Junior Member
    Join Date
    Feb 2012
    Posts
    14

    Default

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-19 23:29:38
    -----------------------------
    23:29:38.546 OS Version: Windows x64 6.1.7600
    23:29:38.546 Number of processors: 1 586 0x7C02
    23:29:38.546 ComputerName: ROGER-PC UserName: Roger
    23:29:39.919 Initialize success
    23:30:51.839 AVAST engine defs: 12041901
    23:31:28.327 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    23:31:28.327 Disk 0 Vendor: TOSHIBA_MK1655GSX FG011J Size: 152627MB BusType: 11
    23:31:28.358 Disk 0 MBR read successfully
    23:31:28.358 Disk 0 MBR scan
    23:31:28.374 Disk 0 Windows 7 default MBR code
    23:31:28.374 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
    23:31:28.390 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
    23:31:28.405 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 140232 MB offset 25382700
    23:31:28.436 Disk 0 scanning C:\Windows\system32\drivers
    23:31:42.976 Service scanning
    23:32:42.256 Modules scanning
    23:32:42.864 Disk 0 trace - called modules:
    23:32:42.895 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    23:32:42.895 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002ffa4a0]
    23:32:42.911 3 CLASSPNP.SYS[fffff880010ae43f] -> nt!IofCallDriver -> [0xfffffa8003044040]
    23:32:42.926 5 ACPI.sys[fffff88000ee6781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002fe4060]
    23:32:44.143 AVAST engine scan C:\Windows
    23:32:47.450 AVAST engine scan C:\Windows\system32
    23:38:05.457 AVAST engine scan C:\Windows\system32\drivers
    23:38:20.729 AVAST engine scan C:\Users\Roger
    23:43:14.228 AVAST engine scan C:\ProgramData
    23:44:45.036 Scan finished successfully
    23:45:00.090 Disk 0 MBR has been saved successfully to "C:\Users\Roger\Desktop\MBR.dat"
    23:45:00.106 The log file has been saved successfully to "C:\Users\Roger\Desktop\aswMBR.txt"

  6. #6
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi aritus,

    I take it you couldn't open the Hosts file? Did you have hidden files and folders unhidden? Any error messages?
    Member of UNITE and ASAP

  7. #7
    Junior Member
    Join Date
    Feb 2012
    Posts
    14

    Default

    Quote Originally Posted by aritus
    The hosts file would open but wouldn't save even when running notepad as administrator from CMD.

    I get "access denied." I've tried disabling Users, enabling Users, setting to full control, unchecking read only on every file and folder and subfolder of c:/windows but I still end up with "access denied" if I try to save the file. I can open it, just can't save it.

    Also, I apologize for how late it is when I respond, and thank you for taking the time to help.

  8. #8
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi aritus.

    Sorry I missed your comment. Let's take care of a couple of things.

    Your java is out of date. Click your start button > Control Panel
    • Use the drop down menu beside view by and change it to small icons
    • locate java (32bit) in the list and click on it
    • when the java console opens click the update tab
    • Click update now
    • decline the Ask ToolBar if offered during the update


    Next, Double click on OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • please note the fix starts with the :

    Code:
    :Services
    
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50081
    
    :Reg
    [HKEY_CLASSES_ROOT\*\shell\runas]
    @="Take Ownership"
    "NoWorkingDirectory"=""
    
    [HKEY_CLASSES_ROOT\*\shell\runas\command]
    @="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
    "IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
    
    [HKEY_CLASSES_ROOT\Directory\shell\runas]
    @="Take Ownership"
    "NoWorkingDirectory"=""
    
    [HKEY_CLASSES_ROOT\Directory\shell\runas\command]
    @="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
    "IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [createrestorepoint]
    [emptytemp]

    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.
    • Reboot your computer
    Please post the OTL fix log.

    Next

    Navigate to the Hosts file and right click it. You will now have a new right click menu item, Take Ownership. Click it. You should now be able to edit the Hosts file.

    Let me know how you make out. If you can successfully edit the Hosts file, please open OTL and click the quick scan button. There will only be an OTL.txt produced this time; please post it as well.
    Last edited by oldman960; 2012-04-21 at 07:06.
    Member of UNITE and ASAP
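
The "Take Ownership" entry in the fix above runs takeown and icacls on the clicked file. The PowerShell below is an added example, not part of the original post and not OTL's own code: it reports why a hosts file opens but will not save, and runs those same two commands only when -Fix is passed. The helper name Test-HostsWritable and the default hosts path are assumptions.

```powershell
# Added example (not from the thread): triage for a hosts file that opens but will not save.
# Run from an elevated PowerShell prompt. Nothing is changed unless -Fix is given.
param(
    [string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts",  # standard location (assumed)
    [switch]$Fix
)

# Hypothetical helper: try to open the file for writing without modifying it.
function Test-HostsWritable {
    param([string]$File)
    try {
        $fs = [IO.File]::Open($File, [IO.FileMode]::Open, [IO.FileAccess]::Write, [IO.FileShare]::None)
        $fs.Close()
        return 'Writable'
    } catch {
        $e = $_.Exception.GetBaseException()
        if ($e -is [UnauthorizedAccessException]) { return 'AccessDenied' }
        if ($e -is [IO.IOException])              { return "InUseOrIoError: $($e.Message)" }
        return "Other: $($e.Message)"
    }
}

# Is this session really elevated? A non-elevated admin account still gets "access denied".
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $identity
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Elevated   : $elevated"

$item = Get-Item -LiteralPath $Path -Force
$acl  = Get-Acl -Path $Path

# The ReadOnly attribute alone is enough to make a save fail.
"Attributes : $($item.Attributes)"
"Owner      : $($acl.Owner)"

# An explicit Deny entry is evaluated before Allow entries, so it blocks writes
# even when Administrators have Full control.
foreach ($ace in $acl.Access) {
    $origin = if ($ace.IsInherited) { 'inherited' } else { 'explicit' }
    "{0,-5} {1} -> {2} ({3})" -f $ace.AccessControlType, $ace.IdentityReference, $ace.FileSystemRights, $origin
}

# AccessDenied with clean attributes and ACL means the block comes from outside
# the file's own metadata; InUseOrIoError means another process holds the file.
"Write test : $(Test-HostsWritable $Path)"

# The OTL fix also set this value, so report its current state.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
"ProxyEnable: $($inet.ProxyEnable)  ProxyServer: $($inet.ProxyServer)"

if ($Fix) {
    if (-not $elevated) { throw 'Re-run from an elevated prompt before using -Fix.' }
    & takeown.exe /f $Path                        # first command of the Take Ownership entry
    if ($LASTEXITCODE -ne 0) { throw "takeown failed with exit code $LASTEXITCODE" }
    & icacls.exe $Path /grant 'administrators:F'  # second command of the Take Ownership entry
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
    $item.IsReadOnly = $false                     # same as unticking Read-only in Properties
    "Write test after fix: $(Test-HostsWritable $Path)"
}
```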

  9. #9
    Junior Member
    Join Date
    Feb 2012
    Posts
    14

    Unhappy

    In control panel there is only 1 Java listed which when clicked opens Java Control Panel. 4 tabs: General, Java, Security, and Advanced

    I searched every tab and there is no update on it.

    So after I spent some time searching through that for a way to update I clicked the office button and in search typed Java (32) which brought up Java (32). When I clicked that a black box, which looked like CMD, came up for a split second and vanished. After which nothing happened. Ran as administrator and tried again, same result.

    So I moved on.

    After running the fix I navigated to Hosts and when I right clicked there was no Take Control command. Nothing had changed. I tried to edit the hosts file with notepad and received the Access Denied error.

    I did not run a quick scan as I couldn't access hosts. The resulting log of the run fix is as follows.

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    ========== REGISTRY ==========
    HKEY_CLASSES_ROOT\*\shell\runas\\@|"Take Ownership" /E : value set successfully!
    HKEY_CLASSES_ROOT\*\shell\runas\\"NoWorkingDirectory"|"" /E : value set successfully!
    HKEY_CLASSES_ROOT\*\shell\runas\command\\@|"cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F" /E : value set successfully!
    HKEY_CLASSES_ROOT\*\shell\runas\command\\"IsolatedCommand"|"cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F" /E : value set successfully!
    HKEY_CLASSES_ROOT\Directory\shell\runas\\@|"Take Ownership" /E : value set successfully!
    HKEY_CLASSES_ROOT\Directory\shell\runas\\"NoWorkingDirectory"|"" /E : value set successfully!
    HKEY_CLASSES_ROOT\Directory\shell\runas\command\\@|"cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t" /E : value set successfully!
    HKEY_CLASSES_ROOT\Directory\shell\runas\command\\"IsolatedCommand"|"cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t" /E : value set successfully!
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Roger\Desktop\cmd.bat deleted successfully.
    C:\Users\Roger\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Roger
    ->Temp folder emptied: 262458537 bytes
    ->Temporary Internet Files folder emptied: 56172275 bytes
    ->Java cache emptied: 1 bytes
    ->FireFox cache emptied: 153631066 bytes
    ->Apple Safari cache emptied: 2625536 bytes
    ->Flash cache emptied: 1406 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 12523335 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
    RecycleBin emptied: 63085 bytes

    Total Files Cleaned = 465.00 mb


    OTL by OldTimer - Version 3.2.40.0 log created on 04212012_020617

    Files\Folders moved on Reboot...
    C:\Users\Roger\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

  10. #10
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi aritus,

    Well, we do seem to be hitting a few bumps in the road, but we can get by them. I'm not sure why there isn't a Java (32bit) listed in your control panel, as you do have a 32 bit version installed. We can update it manually later. The java applet with only the 4 tabs would be the 64bit applet; there isn't an update tab for this version by design.

    Let's see if we can get the right click menu item installed. We'll do that the old-fashioned way also.

    Download the attached file, ownership.zip and save it to your desktop. Extract the contents to your desktop.
    • you should now have a file named ownership.reg on your desktop with an icon like this
    • right click it and click merge
    • accept any warning you might receive
    • reboot the computer
    Let me know if you receive any error message.

    Try taking ownership of the Hosts file now.
    Member of UNITE and ASAP
