Am I infected?

[KristopherAC]

Ok so I've ran some scans (Norton and Spybot) today, and Norton has found the normal threats (Tracking cookies) and I'm not sure what Spybot found (I don't think it was anything dire.) But when I was looking through my startup entrys via CCleaner, I found an odd named program (Bat Base Wave Dale), and immediately set off to google and searched it.

Now I've downloaded Hijackthis, and scanned, and "fixed" the aforementioned file, but I'd like to know if I'm infected with other baddies, or if the other threat is still there.

Here is my latest Hijackthis log;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:14 PM, on 3/24/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\CCleaner\CCleaner.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80016
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Drv Info] "C:\ProgramData\Bore Send Send.9nxmjdi"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 11637 bytes

Now, I'm not the first owner of this computer, and I'm still cleaning out bits and pieces of what the previous owner left behind, so I'm not 100% sure what some of the stuff on this computer is, or why its there, but any help would be greatly appreciated.

I've scanned through the rules again and noticed I've missed a few things;

First off, I'm still experiencing the problems that led me to believe I'm infected which are:

Pop-ups from Internet Explorer (When I have no active IE windows up, and Firefox is my default browser), even with the pop-up blocker from IE turned on.

Internet Explorer in the Processes tab in the Task Manager (Again, with no active IE instances up), ending IE does not get rid of it (It just pops back onto it)

Occasionally the pages that are in the rampant IE window come up with Norton as "Malicious".

(Probably unrelated) I've tried to install this update multiple times but it has failed,

Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297)

Download size: 13.5 MB

You may need to restart your computer for this update to take effect.

Update type: Important

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

More information:
http://go.microsoft.com/fwlink/?LinkID=127769

Help and Support:
http://support.microsoft.com

Other than that, I've noticed no more symptoms.

Second, the SPS&D scan only turned up cookies.

I've re-followed the instructions in Post #2 of the rules, so if I need to re-post a HJT log, please tell me.

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

 

[Blade81]

Hi there,

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Copy-paste following contents into custom scan -area:
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  /md5stop
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

 

[KristopherAC]

Thanks for the reply, here are the logs;

OTL Extras logfile created on: 3/29/2010 11:16:44 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\kitkat\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 44.00% Memory free
11.00 Gb Paging File | 8.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.64 Gb Total Space | 330.44 Gb Free Space | 73.00% Space Free | Partition Type: NTFS
Drive D: | 13.12 Gb Total Space | 1.79 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
Drive E: | 610.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KITKAT-PC
Current User Name: kitkat
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 56 B3 91 07 94 37 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B93FF1-A012-4FB3-8AF3-F6A3DF1FF5B2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{25EC7167-3D67-47CE-A2BB-F77B5CB99E74}" = rport=445 | protocol=6 | dir=out | app=system |
"{31267AB3-1E24-47DD-BDE2-4207C4D97524}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3513C39B-5C34-49A1-B5E1-F3B3084081B4}" = lport=445 | protocol=6 | dir=in | app=system |
"{35F92429-B86B-460D-B5F8-103F5298BD3F}" = rport=139 | protocol=6 | dir=out | app=system |
"{39EFA8EA-4FC5-4513-BB9C-11F55863CAC6}" = lport=137 | protocol=17 | dir=in | app=system |
"{69E53E65-467C-458A-9C1E-2E6FA3A0F292}" = lport=139 | protocol=6 | dir=in | app=system |
"{6AA8A27C-5804-4B22-AFAB-757F47ED7370}" = rport=137 | protocol=17 | dir=out | app=system |
"{B2EEF313-9E37-457E-B6BC-2689417062A5}" = rport=138 | protocol=17 | dir=out | app=system |
"{E64BDB30-35D7-4E8D-B35C-64A8C4CE4196}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042E1712-6FAB-40D3-8374-7DA5059E6FDE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{0A87A937-7F00-4903-974D-CBAC14DAFE90}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{0B07FDC5-CE79-4588-9A65-E732F33A49FA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{0F40F460-F68E-4B06-AFCC-2567492549E8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{135AF216-AFF8-489B-8EA7-585DA077EE62}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{1D33B346-BEAF-4B10-B979-60097B9F4EEF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{1EEA1196-E99D-4A51-A274-B011D6EBA66B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{256A4346-5A48-428E-BFC8-55FCD7248FCF}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinenetworkservice.exe |
"{2635FB57-3D27-4BBC-989C-DDECA0AA6155}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{3D401228-815E-44E9-993B-C6515E222E85}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{410A27BD-5516-42A5-B2CC-918B93246EED}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinemessageservice.exe |
"{42FCFDF1-9AF0-4AE5-8AEB-1D75F2CD2100}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{4B3C9D54-3807-4DC4-B5E5-841F3DD45313}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{525628D8-3365-40CF-AE44-9C6DC415B9BA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{54BB1F8A-BC7E-40D9-B093-573756DBC401}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{5653E99F-4624-45FF-83B1-03CC75D41469}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{5B2D667F-DA8E-4557-91DE-99802911CFA7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{5C188229-F249-4C82-954D-4206F81864FB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{5FF0558C-2D60-4FB8-9AA8-C1A87DD60F1E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{64323A9D-7C4F-48A4-BCE6-BBA1F12475BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{69129D68-C682-4451-960A-D7D9489A422B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6DC5C39C-54E9-4B3B-82CE-AF5724983A95}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{6F2F1D4E-5896-463E-A3A0-2C652B7DD42A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{75D5A656-4232-4EC6-9E34-1C6593962C27}" = dir=in | app=c:\program files (x86)\myspace\im\myspaceim.exe |
"{76E49EDC-D705-4230-AE7F-A437AC67D682}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{7BFB04C8-C4DA-468B-A4EC-90F6FC945C17}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{7C08068A-67B8-438C-9FB2-9FE56888BE4F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{90FFA386-834F-44D6-829A-10EE98A5AC47}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{91D25BA4-114D-45BA-90F7-7B62A29B1122}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{92752180-431D-475D-A771-F4752E654DB0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{933BDCF3-3C9A-4F1F-9451-C921C422F70F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{970107D1-6600-419B-B289-B3C00F70B1EB}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{9B1F4EED-9481-4FF6-A58A-E170E9253081}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9CEDAD17-1114-4DE1-B657-1F1002D75E20}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{9D63926A-92B9-40BB-9B15-70FAECC3AC20}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{9D9EE397-6F95-483F-A350-1BCA2E2EDB16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{ADB4E78B-00E8-4A80-8D77-0901C1C5017C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{AEA14B31-9F99-4C05-A8B6-20F15AFFFE66}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{B0FA34EC-2DC6-403C-9410-425E1CCCF60F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{BA622AA8-8711-45E6-A067-E900B4260C56}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{C25CEC63-F9B7-4A62-9CBB-72251B6D2C67}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{C2A86D7B-D967-407F-99C6-B62AB80CDD3F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{C4E96C84-99B5-491C-96A6-2EAA82BD1AEE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{C57B9EC8-67B8-4049-B4A8-767B6FBC5865}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{C722973E-3671-4F83-9ABF-61EB971BCAFE}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinemessageservice.exe |
"{CC83ABE8-DFA0-40E0-83E5-5CC227D219FD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{D06443BB-E6CA-49BD-A41B-C2357CAE65F5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{D1A20CF0-2BE4-49A6-94CA-DE6CDD033D90}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D1ADF20E-9937-436D-92F0-8B5D0DA056A7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{DE5CE14A-DE4C-463F-8DCA-167624F426D3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{E026027B-5730-4C91-8745-198C07873EDA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{E3E6DDD7-4BC2-49E0-8C07-361F478D44C1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{E87EFA28-178F-4C10-8578-E880F5CFEF95}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{EAE27620-5C51-4C09-B221-5EB7E0789E6B}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{EE90643A-C0C0-433A-92B8-9C361EF20215}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F2D054D6-7434-4767-B973-594A64468B7E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{F70275B8-D443-4E5E-9E2C-571A0C383979}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{F723D118-0981-450A-BE94-73EE2737FFFF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{F74972F4-1487-4091-A689-7D89D77C77C7}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinenetworkservice.exe |
"{F7B6DE37-B8F2-4399-9C04-D4E546BEAFE9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{053B3DA8-91B5-4682-A130-715412A1A253}" = Paint.NET v3.5.4
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0E1D8C3-099F-4705-B4D8-54E0A969B354}" = MVisn64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 18
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2BC9740C-F4F1-4C90-B72E-3F9EDB694309}" = Livestream Procaster
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online - Eberron Unlimited™
"62289540-dc30-11dc-95ff-0800200c9a66_is1" = Turbine Download Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"Diablo" = Diablo
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"MapleStory" = MapleStory
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"Steam App 41500" = Torchlight
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"World of Warcraft" = World of Warcraft
"X-Chat 2_is1" = X-Chat 2.8.6-2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo" = Diablo
"Google Chrome" = Google Chrome
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/26/2010 11:51:37 PM | Computer Name = kitkat-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/26/2010 11:52:08 PM | Computer Name = kitkat-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/27/2010 2:32:49 AM | Computer Name = kitkat-PC | Source = Application Error | ID = 1000
Description = Faulting application Torment.exe, version 1.0.0.1, time stamp 0x3b8f1527,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03824, exception
code 0xc0000005, fault offset 0x0002a536, process id 0x1690, application start time
0x01cacd75e80d745e.

Error - 3/27/2010 2:49:53 AM | Computer Name = kitkat-PC | Source = Application Error | ID = 1000
Description = Faulting application dndclient.exe, version 1.11.0.8125, time stamp
0x4b727939, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x136a680a, process id 0x12ec, application start time
0x01cacd77a83319fe.

Error - 3/27/2010 3:01:47 AM | Computer Name = kitkat-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 3/27/2010 3:01:47 AM | Computer Name = kitkat-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 3/27/2010 3:01:47 AM | Computer Name = kitkat-PC | Source = MsiInstaller | ID = 1023
Description =

Error - 3/27/2010 12:17:27 PM | Computer Name = kitkat-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 3/27/2010 12:17:27 PM | Computer Name = kitkat-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 3/27/2010 12:17:28 PM | Computer Name = kitkat-PC | Source = MsiInstaller | ID = 1023
Description =

[ System Events ]
Error - 3/26/2010 2:30:56 AM | Computer Name = kitkat-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/26/2010 2:30:56 AM | Computer Name = kitkat-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/26/2010 2:30:56 AM | Computer Name = kitkat-PC | Source = DCOM | ID = 10005
Description =

Error - 3/26/2010 3:01:37 AM | Computer Name = kitkat-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 3/26/2010 5:32:57 PM | Computer Name = kitkat-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/26/2010 5:32:57 PM | Computer Name = kitkat-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/27/2010 3:02:14 AM | Computer Name = kitkat-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 3/27/2010 12:18:02 PM | Computer Name = kitkat-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 3/28/2010 3:04:20 AM | Computer Name = kitkat-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 3/29/2010 3:02:13 AM | Computer Name = kitkat-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >

Second post incoming.

 

[KristopherAC]

OTL logfile created on: 3/29/2010 11:16:44 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\kitkat\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 44.00% Memory free
11.00 Gb Paging File | 8.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.64 Gb Total Space | 330.44 Gb Free Space | 73.00% Space Free | Partition Type: NTFS
Drive D: | 13.12 Gb Total Space | 1.79 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
Drive E: | 610.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KITKAT-PC
Current User Name: kitkat
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\kitkat\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe (Turbine, Inc.)
PRC - C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe (Turbine, Inc.)
PRC - C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe (Turbine, Inc.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Ventrilo\Ventrilo.exe (Flagship Industries, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\kitkat\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (LiveTurbineMessageService) -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe (Turbine, Inc.)
SRV - (LiveTurbineNetworkService) -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe (Turbine, Inc.)
SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 09:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\ccHPx64.sys (Symantec Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMTDI.SYS (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMFW.SYS (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMNDISV.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation)
DRV:64bit: - (CAXHWBS2) -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys (Conexant Systems, Inc.)
DRV:64bit: - (PCD5SRVC{8AAF211B-043E02A9-05040000}) -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (LVMVDrv) -- C:\Windows\SysNative\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100329.002\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100329.002\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (mdmxsdk) -- C:\Windows\SysWOW64\mdmxsdk.dll (Conexant)


========== Files/Folders - Created Within 30 Days ==========

[2010/03/28 13:36:07 | 000,000,000 | ---D | C] -- C:\Users\kitkat\Desktop\TLsaves
[2010/03/27 21:19:09 | 000,000,000 | ---D | C] -- C:\Users\kitkat\Documents\appdata
[2010/03/26 23:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black Isle
[2010/03/26 23:47:11 | 000,118,784 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DiabUnin.exe
[2010/03/26 23:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo
[2010/03/26 17:44:34 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010/03/26 17:44:34 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010/03/26 17:44:33 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010/03/26 17:44:33 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010/03/26 17:44:32 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010/03/26 17:44:32 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010/03/26 17:44:31 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010/03/26 17:44:31 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010/03/26 17:44:31 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/03/26 17:44:31 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/03/26 17:44:30 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010/03/26 17:44:30 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010/03/26 17:44:30 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010/03/26 17:44:30 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010/03/26 17:44:29 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/03/26 17:44:29 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/03/26 17:44:29 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010/03/26 17:44:29 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/03/26 17:44:28 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010/03/26 17:44:28 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/03/26 17:44:27 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010/03/26 17:44:27 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010/03/26 17:44:27 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010/03/26 17:44:27 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010/03/26 17:44:26 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010/03/26 17:44:26 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010/03/26 17:44:25 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010/03/26 17:44:25 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010/03/26 17:44:24 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010/03/26 17:44:24 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/03/26 17:44:24 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/03/26 17:44:24 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/03/26 17:44:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/03/26 17:44:23 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010/03/26 17:44:22 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/03/26 17:44:22 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/03/26 17:44:22 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010/03/26 17:44:22 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/03/26 17:44:21 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010/03/26 17:44:21 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/03/26 17:44:21 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010/03/26 17:44:21 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010/03/26 17:44:21 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010/03/26 17:44:21 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010/03/26 17:44:20 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010/03/26 17:44:20 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010/03/26 17:44:19 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010/03/26 17:44:19 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010/03/26 17:44:19 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010/03/26 17:44:19 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010/03/26 17:44:19 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010/03/26 17:44:19 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010/03/26 17:44:18 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010/03/26 17:44:18 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010/03/26 17:44:17 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010/03/26 17:44:17 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010/03/26 17:44:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010/03/26 17:44:16 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010/03/26 17:44:15 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010/03/26 17:44:15 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010/03/26 17:44:14 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010/03/26 17:44:14 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010/03/26 17:44:14 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010/03/26 17:44:14 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010/03/26 17:44:14 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010/03/26 17:44:14 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010/03/26 17:44:12 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010/03/26 17:44:12 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010/03/26 17:44:11 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010/03/26 17:44:11 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010/03/26 17:44:11 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010/03/26 17:44:11 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010/03/26 17:44:10 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010/03/26 17:44:10 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010/03/26 17:44:08 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/03/26 17:44:08 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010/03/26 17:44:08 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010/03/26 17:44:08 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010/03/26 17:44:08 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010/03/26 17:44:08 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010/03/26 17:44:07 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010/03/26 17:44:07 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/03/26 17:44:06 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/03/26 17:44:06 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010/03/26 17:44:06 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010/03/26 17:44:06 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010/03/26 17:44:06 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010/03/26 17:44:06 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010/03/26 17:44:06 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010/03/26 17:44:06 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010/03/26 17:44:05 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010/03/26 17:44:05 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/03/26 17:44:05 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010/03/26 17:44:05 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/03/26 17:44:04 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010/03/26 17:44:04 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010/03/26 17:44:03 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010/03/26 17:44:03 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/03/26 17:44:03 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/03/26 17:44:03 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010/03/26 17:44:03 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010/03/26 17:44:03 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010/03/26 17:44:01 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010/03/26 17:44:01 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010/03/26 17:44:00 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010/03/26 17:44:00 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010/03/26 17:43:59 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010/03/26 17:43:59 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010/03/26 17:43:57 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010/03/26 17:43:57 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010/03/26 17:43:57 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/03/26 17:43:57 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010/03/26 17:43:56 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010/03/26 17:43:56 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010/03/26 17:43:56 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010/03/26 17:43:56 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010/03/26 17:43:55 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010/03/26 17:43:55 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010/03/26 17:43:54 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010/03/26 17:43:54 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010/03/26 17:43:54 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010/03/26 17:43:54 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010/03/26 17:43:53 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010/03/26 17:43:53 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010/03/26 17:43:43 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010/03/26 17:43:43 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/03/26 17:43:42 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010/03/26 17:43:42 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010/03/26 17:43:42 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/03/26 17:43:42 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010/03/26 17:43:41 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010/03/26 17:43:41 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010/03/26 17:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/03/26 17:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/03/26 02:37:06 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Roaming\HPAppData
[2010/03/26 01:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2010/03/25 19:23:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/25 19:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/03/24 21:15:53 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/24 21:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/03/20 18:49:55 | 000,000,000 | ---D | C] -- C:\Users\kitkat\.idlerc
[2010/03/20 18:47:59 | 000,000,000 | ---D | C] -- C:\Python26
[2010/03/20 00:13:36 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Roaming\X-Chat 2
[2010/03/20 00:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\X-Chat 2
[2010/03/19 21:52:08 | 002,145,280 | ---- | C] (Python Software Foundation) -- C:\Windows\SysWow64\python26.dll
[2010/03/17 16:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/03/17 16:44:18 | 000,068,200 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/03/17 16:44:18 | 000,065,640 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/03/17 16:44:18 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/03/17 16:44:12 | 004,325,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/03/17 16:44:12 | 004,077,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/03/17 16:44:12 | 004,061,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/03/17 16:44:12 | 002,332,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/03/17 16:44:12 | 002,243,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/03/17 16:44:10 | 016,051,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/03/17 16:44:10 | 011,639,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/03/17 16:44:10 | 005,416,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/03/17 16:44:10 | 000,202,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod189.dll
[2010/03/17 16:44:08 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/03/17 09:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2010/03/17 09:09:28 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Roaming\SystemRequirementsLab
[2010/03/13 23:50:54 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Local\Procaster
[2010/03/13 23:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Livestream Procaster
[2010/03/11 18:47:37 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Roaming\Uniblue
[2010/03/11 18:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/03/10 20:44:01 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/10 20:44:00 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/10 20:43:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/10 20:43:56 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/10 20:35:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\recover
[2010/03/10 14:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/03/10 10:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Wowhead
[2010/03/10 01:42:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2010/03/10 01:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/03/10 01:38:52 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Roaming\DAEMON Tools Lite
[2010/03/10 01:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/03/10 01:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/03/10 00:13:30 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Local\Turbine,_Inc
[2010/03/10 00:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Turbine
[2010/03/09 23:38:21 | 000,000,000 | ---D | C] -- C:\Nexon
[2010/03/09 23:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010/03/09 23:28:33 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Local\Paint.NET
[2010/03/09 23:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2010/03/09 22:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/03/09 22:43:44 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Roaming\runic games
[2010/03/09 22:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
[2010/03/09 22:32:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Runic
[2010/03/09 21:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
[2010/03/09 19:07:21 | 000,000,000 | R--D | C] -- C:\Users\kitkat\Desktop\The Good Stuff
[2010/03/06 11:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/03/02 22:37:21 | 000,000,000 | ---D | C] -- C:\Users\kitkat\{51c83fb8-78d7-46ef-a638-5e54fd94b424}
[2010/03/02 13:32:49 | 000,000,000 | ---D | C] -- C:\Users\kitkat\Documents\MP3Tools
[2010/02/28 15:47:53 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2010/02/28 15:47:52 | 000,938,496 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpowiax8.dll
[2010/02/28 15:47:52 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\difxapi.dll
[2010/02/28 15:47:52 | 000,505,344 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpovst14.dll
[2010/02/28 14:08:10 | 001,406,464 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpotiop6.dll
[2010/02/28 14:00:01 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Roaming\HP
[2010/02/28 13:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2010/02/28 13:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2010/02/28 13:43:44 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/29 11:21:25 | 002,883,584 | -HS- | M] () -- C:\Users\kitkat\ntuser.dat
[2010/03/29 11:10:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4199256080-2304128688-3463834668-1000UA.job
[2010/03/29 10:49:10 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{23ACA35C-F158-46F6-A50E-E3AEBE6851E3}.job
[2010/03/29 10:42:12 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/29 10:42:12 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/28 22:54:57 | 000,001,714 | ---- | M] () -- C:\Users\kitkat\Desktop\Torchlight.lnk
[2010/03/28 21:10:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4199256080-2304128688-3463834668-1000Core.job
[2010/03/28 18:25:13 | 000,010,240 | ---- | M] () -- C:\Users\kitkat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/28 18:03:01 | 000,000,584 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for kitkat.job
[2010/03/28 15:00:09 | 000,000,069 | ---- | M] () -- C:\Users\kitkat\jagex_runescape_preferences.dat
[2010/03/28 14:44:58 | 000,000,069 | ---- | M] () -- C:\Users\kitkat\jagex_runescape_preferences2.dat
[2010/03/28 02:01:09 | 000,020,414 | ---- | M] () -- C:\Users\kitkat\Documents\cc_20100328_020102.reg
[2010/03/26 23:47:12 | 000,118,784 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DiabUnin.exe
[2010/03/26 23:47:12 | 000,006,729 | ---- | M] () -- C:\Windows\DiabUnin.dat
[2010/03/26 23:47:12 | 000,002,829 | ---- | M] () -- C:\Windows\DiabUnin.pif
[2010/03/26 17:31:42 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/03/26 01:32:08 | 000,000,744 | ---- | M] () -- C:\Users\kitkat\Desktop\Audacity.lnk
[2010/03/25 21:07:47 | 000,001,740 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/25 21:06:04 | 000,002,049 | ---- | M] () -- C:\Users\kitkat\Desktop\Google Chrome.lnk
[2010/03/25 20:48:39 | 000,789,862 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/25 20:48:39 | 000,663,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/25 20:48:39 | 000,128,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/25 20:41:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/25 20:41:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/25 20:40:56 | 000,524,288 | -HS- | M] () -- C:\Users\kitkat\ntuser.dat{d62a54f5-eb76-11de-8730-0021976360a2}.TMContainer00000000000000000001.regtrans-ms
[2010/03/25 20:40:56 | 000,065,536 | -HS- | M] () -- C:\Users\kitkat\ntuser.dat{d62a54f5-eb76-11de-8730-0021976360a2}.TM.blf
[2010/03/25 20:33:48 | 001,678,246 | -H-- | M] () -- C:\Users\kitkat\AppData\Local\IconCache.db
[2010/03/25 19:22:55 | 000,000,905 | ---- | M] () -- C:\Users\kitkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/03/24 23:43:33 | 000,000,000 | ---- | M] () -- C:\Users\kitkat\jagex__preferences3.dat
[2010/03/24 18:33:30 | 000,390,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/21 23:34:52 | 000,001,384 | ---- | M] () -- C:\Users\kitkat\Desktop\Free Realms.lnk
[2010/03/20 01:06:11 | 000,118,232 | ---- | M] () -- C:\Users\kitkat\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/19 21:52:08 | 002,145,280 | ---- | M] (Python Software Foundation) -- C:\Windows\SysWow64\python26.dll
[2010/03/16 18:38:41 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/03/10 21:43:06 | 000,000,094 | ---- | M] () -- C:\Users\kitkat\AppData\Local\fusioncache.dat
[2010/03/10 01:39:49 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/03/10 00:18:11 | 000,002,269 | ---- | M] () -- C:\Users\kitkat\Desktop\Dungeons and Dragons Online™ - Eberron Unlimited™.lnk
[2010/03/09 23:47:52 | 000,000,204 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
[2010/03/09 23:38:49 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/03/09 21:36:22 | 000,000,750 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2010/03/07 19:48:45 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/03/06 11:21:42 | 000,023,143 | ---- | M] () -- C:\Windows\hpqins15.dat
[2010/03/06 11:19:06 | 000,077,407 | ---- | M] () -- C:\Windows\hpqins05.dat
[2010/03/03 12:23:01 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForkitkat.job
[2010/03/01 20:31:20 | 000,001,584 | ---- | M] () -- C:\Users\kitkat\AppData\Roaming\wklnhst.dat
[2010/02/28 15:23:07 | 000,165,497 | ---- | M] () -- C:\Windows\hpoins29.dat.temp
[2010/02/28 15:23:07 | 000,165,497 | ---- | M] () -- C:\Windows\hpoins29.dat
[2010/02/28 14:46:36 | 000,004,484 | ---- | M] () -- C:\Windows\wininit.ini
[2010/02/28 13:48:01 | 000,001,964 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/28 22:54:57 | 000,001,714 | ---- | C] () -- C:\Users\kitkat\Desktop\Torchlight.lnk
[2010/03/28 02:01:06 | 000,020,414 | ---- | C] () -- C:\Users\kitkat\Documents\cc_20100328_020102.reg
[2010/03/26 23:47:12 | 000,002,829 | ---- | C] () -- C:\Windows\DiabUnin.pif
[2010/03/26 23:47:10 | 000,006,729 | ---- | C] () -- C:\Windows\DiabUnin.dat
[2010/03/26 20:43:54 | 000,372,068 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistMSI2602.txt
[2010/03/26 20:43:54 | 000,015,666 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistUI2602.txt
[2010/03/26 17:45:02 | 000,463,786 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistMSI1D1C.txt
[2010/03/26 17:45:02 | 000,015,728 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistUI1D1C.txt
[2010/03/26 17:31:42 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/03/26 01:32:08 | 000,000,744 | ---- | C] () -- C:\Users\kitkat\Desktop\Audacity.lnk
[2010/03/25 21:06:04 | 000,002,049 | ---- | C] () -- C:\Users\kitkat\Desktop\Google Chrome.lnk
[2010/03/25 21:05:11 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4199256080-2304128688-3463834668-1000UA.job
[2010/03/25 21:05:10 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4199256080-2304128688-3463834668-1000Core.job
[2010/03/25 19:22:55 | 000,000,905 | ---- | C] () -- C:\Users\kitkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/03/24 23:43:33 | 000,000,000 | ---- | C] () -- C:\Users\kitkat\jagex__preferences3.dat
[2010/03/21 23:34:52 | 000,001,384 | ---- | C] () -- C:\Users\kitkat\Desktop\Free Realms.lnk
[2010/03/17 16:44:18 | 000,009,163 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/03/12 00:16:53 | 000,010,240 | ---- | C] () -- C:\Users\kitkat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/11 20:20:10 | 000,372,272 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistMSI7FCC.txt
[2010/03/11 20:20:06 | 000,033,890 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistUI7FCC.txt
[2010/03/11 19:52:33 | 000,374,854 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistMSI6AB3.txt
[2010/03/11 19:52:32 | 000,031,842 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistUI6AB3.txt
[2010/03/11 19:20:57 | 000,377,402 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistMSI5283.txt
[2010/03/11 19:20:56 | 000,030,874 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistUI5283.txt
[2010/03/10 21:43:06 | 000,000,094 | ---- | C] () -- C:\Users\kitkat\AppData\Local\fusioncache.dat
[2010/03/10 01:39:49 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/03/10 00:18:11 | 000,002,269 | ---- | C] () -- C:\Users\kitkat\Desktop\Dungeons and Dragons Online™ - Eberron Unlimited™.lnk
[2010/03/09 23:47:52 | 000,000,204 | ---- | C] () -- C:\Users\Public\Desktop\MapleStory.url
[2010/03/09 23:38:49 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/03/06 11:20:53 | 000,023,143 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/03/06 11:16:41 | 000,077,407 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/02/28 15:44:40 | 000,165,497 | ---- | C] () -- C:\Windows\hpoins29.dat
[2010/02/28 15:44:40 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2010/02/28 15:22:30 | 000,165,497 | ---- | C] () -- C:\Windows\hpoins29.dat.temp
[2010/02/28 13:55:20 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat.temp
[2010/02/28 13:48:00 | 000,001,964 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/01/22 16:18:45 | 000,299,024 | ---- | C] () -- C:\ProgramData\Hope Mess Sect.bbs32
[2010/01/22 16:18:18 | 000,319,504 | ---- | C] () -- C:\ProgramData\Bore Send Send.7ui5h
[2010/01/22 16:18:18 | 000,303,120 | ---- | C] () -- C:\ProgramData\Bore Send Send.9nxmjdi
[2009/12/24 21:17:15 | 000,000,180 | ---- | C] () -- C:\Users\kitkat\AppData\Roaming\setup.log
[2009/12/24 21:17:11 | 000,000,760 | ---- | C] () -- C:\Users\kitkat\AppData\Roaming\setup_ldm.iss
[2009/11/23 12:30:05 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/18 09:37:44 | 000,004,484 | ---- | C] () -- C:\Windows\wininit.ini
[2009/09/17 07:28:02 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/17 07:25:57 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/11 10:16:16 | 000,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/17 18:18:28 | 000,001,584 | ---- | C] () -- C:\Users\kitkat\AppData\Roaming\wklnhst.dat
[2009/05/23 11:14:20 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2009/04/07 10:50:29 | 000,009,622 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/11/21 14:34:51 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/11/21 14:34:51 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 22:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 22:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
< End of report >

 

[Blade81]

Hello,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread.

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).


After that:


Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location.
• Please post contents of that file in your next reply. Post a fresh OTL log too.

 

[KristopherAC]

I've gotten rid of the utorrent thing, as you've asked, and here are the MWB and OTL logs;

Malwarebytes' Anti-Malware 1.44
Database version: 3927
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/29/2010 12:25:39 PM
mbam-log-2010-03-29 (12-25-39).txt

Scan type: Quick Scan
Objects scanned: 113299
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\ProgramData\Link Axis Bat Wave (Trojan.Downloader) -> Delete on reboot.

Files Infected:
C:\ProgramData\Link Axis Bat Wave\obj tons.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ProgramData\Link Axis Bat Wave\obj tons.exe (Trojan.Downloader) -> Delete on reboot.

~~

OTL logfile created on: 3/29/2010 12:49:35 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\kitkat\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 60.00% Memory free
11.00 Gb Paging File | 9.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.64 Gb Total Space | 331.25 Gb Free Space | 73.18% Space Free | Partition Type: NTFS
Drive D: | 13.12 Gb Total Space | 1.79 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
Drive E: | 610.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KITKAT-PC
Current User Name: kitkat
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\kitkat\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe (Turbine, Inc.)
PRC - C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe (Turbine, Inc.)
PRC - C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe (Turbine, Inc.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Ventrilo\Ventrilo.exe (Flagship Industries, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\kitkat\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (LiveTurbineMessageService) -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe (Turbine, Inc.)
SRV - (LiveTurbineNetworkService) -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe (Turbine, Inc.)
SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 09:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\ccHPx64.sys (Symantec Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMTDI.SYS (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMFW.SYS (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMNDISV.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation)
DRV:64bit: - (CAXHWBS2) -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys (Conexant Systems, Inc.)
DRV:64bit: - (PCD5SRVC{8AAF211B-043E02A9-05040000}) -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (LVMVDrv) -- C:\Windows\SysNative\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100329.002\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100329.002\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (mdmxsdk) -- C:\Windows\SysWOW64\mdmxsdk.dll (Conexant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80016
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr10/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "support.freeforums.org Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2437363&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.otherrandomness.freeforums.org/index.php"
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.5.11
FF - prefs.js..extensions.enabledItems: IncredibleBookmarks@visibotech.com:0.7.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2
FF - prefs.js..extensions.enabledItems: {26a64c4b-92a8-4759-aee0-9ea36cff30ba}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.108
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {AA052FD6-366A-4771-A591-0D8DC551585D}:1.1.17
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/03/29 12:32:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/06 11:21:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/25 21:07:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/25 21:07:44 | 000,000,000 | ---D | M]

[2009/09/16 08:36:20 | 000,000,000 | ---D | M] -- C:\Users\kitkat\AppData\Roaming\mozilla\Extensions
[2010/03/28 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\kitkat\AppData\Roaming\mozilla\Firefox\Profiles\tt11o8i5.default\extensions
[2009/09/16 08:43:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\kitkat\AppData\Roaming\mozilla\Firefox\Profiles\tt11o8i5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/09 22:11:18 | 000,000,000 | ---D | M] (support.freeforums.org Toolbar) -- C:\Users\kitkat\AppData\Roaming\mozilla\Firefox\Profiles\tt11o8i5.default\extensions\{26a64c4b-92a8-4759-aee0-9ea36cff30ba}
[2010/03/24 19:33:05 | 000,000,000 | ---D | M] () -- C:\Users\kitkat\AppData\Roaming\mozilla\Firefox\Profiles\tt11o8i5.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2010/03/09 22:16:19 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\kitkat\AppData\Roaming\mozilla\Firefox\Profiles\tt11o8i5.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/03/27 12:32:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\kitkat\AppData\Roaming\mozilla\Firefox\Profiles\tt11o8i5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/03/26 02:37:02 | 000,000,000 | ---D | M] (WOT) -- C:\Users\kitkat\AppData\Roaming\mozilla\Firefox\Profiles\tt11o8i5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/03/12 00:35:12 | 000,000,000 | ---D | M] (Calculator) -- C:\Users\kitkat\AppData\Roaming\mozilla\Firefox\Profiles\tt11o8i5.default\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D}
[2010/03/13 23:52:31 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\kitkat\AppData\Roaming\mozilla\Firefox\Profiles\tt11o8i5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/03/09 21:36:57 | 000,000,000 | ---D | M] -- C:\Users\kitkat\AppData\Roaming\mozilla\Firefox\Profiles\tt11o8i5.default\extensions\foxmarks@kei.com
[2010/03/14 12:39:14 | 000,000,000 | ---D | M] -- C:\Users\kitkat\AppData\Roaming\mozilla\Firefox\Profiles\tt11o8i5.default\extensions\IncredibleBookmarks@visibotech.com
[2010/03/27 12:32:18 | 000,000,000 | ---D | M] -- C:\Users\kitkat\AppData\Roaming\mozilla\Firefox\Profiles\tt11o8i5.default\extensions\personas@christopher.beard
[2009/11/09 12:52:32 | 000,004,554 | ---- | M] () -- C:\Users\kitkat\AppData\Roaming\Mozilla\FireFox\Profiles\tt11o8i5.default\searchplugins\aim-search.xml
[2009/12/27 10:30:55 | 000,002,426 | ---- | M] () -- C:\Users\kitkat\AppData\Roaming\Mozilla\FireFox\Profiles\tt11o8i5.default\searchplugins\askcom.xml
[2010/01/21 03:06:30 | 000,000,947 | ---- | M] () -- C:\Users\kitkat\AppData\Roaming\Mozilla\FireFox\Profiles\tt11o8i5.default\searchplugins\conduit.xml
[2010/03/10 01:42:20 | 000,002,055 | ---- | M] () -- C:\Users\kitkat\AppData\Roaming\Mozilla\FireFox\Profiles\tt11o8i5.default\searchplugins\daemon-search.xml
[2010/01/28 13:06:23 | 000,009,941 | ---- | M] () -- C:\Users\kitkat\AppData\Roaming\Mozilla\FireFox\Profiles\tt11o8i5.default\searchplugins\mywebsearch.xml
[2009/11/16 23:25:40 | 000,003,915 | ---- | M] () -- C:\Users\kitkat\AppData\Roaming\Mozilla\FireFox\Profiles\tt11o8i5.default\searchplugins\sweetim.xml
[2010/03/29 12:31:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe (Turbine, Inc.)
O4 - HKCU..\Run: [Drv Info] C:\ProgramData\Bore Send Send.9nx File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\kitkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\kitkat\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\kitkat\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999/11/22 11:40:10 | 000,339,968 | R--- | M] (Interplay Productions, Inc.) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [1999/11/01 14:44:56 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ead848fb-e8be-11dd-a30e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ead848fb-e8be-11dd-a30e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [1999/11/22 11:40:10 | 000,339,968 | R--- | M] (Interplay Productions, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37:64bit: - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/29 12:18:39 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Roaming\Malwarebytes
[2010/03/29 12:18:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/29 12:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/29 12:18:29 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/29 12:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/28 13:36:07 | 000,000,000 | ---D | C] -- C:\Users\kitkat\Desktop\TLsaves
[2010/03/27 21:19:09 | 000,000,000 | ---D | C] -- C:\Users\kitkat\Documents\appdata
[2010/03/26 23:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black Isle
[2010/03/26 23:47:11 | 000,118,784 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DiabUnin.exe
[2010/03/26 23:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo
[2010/03/26 17:44:34 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010/03/26 17:44:34 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010/03/26 17:44:33 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010/03/26 17:44:33 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010/03/26 17:44:32 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010/03/26 17:44:32 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010/03/26 17:44:31 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010/03/26 17:44:31 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010/03/26 17:44:31 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/03/26 17:44:31 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/03/26 17:44:30 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010/03/26 17:44:30 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010/03/26 17:44:30 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010/03/26 17:44:30 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010/03/26 17:44:29 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/03/26 17:44:29 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/03/26 17:44:29 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010/03/26 17:44:29 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/03/26 17:44:28 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010/03/26 17:44:28 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/03/26 17:44:27 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010/03/26 17:44:27 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010/03/26 17:44:27 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010/03/26 17:44:27 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010/03/26 17:44:26 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010/03/26 17:44:26 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010/03/26 17:44:25 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010/03/26 17:44:25 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010/03/26 17:44:24 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010/03/26 17:44:24 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/03/26 17:44:24 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/03/26 17:44:24 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/03/26 17:44:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/03/26 17:44:23 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010/03/26 17:44:22 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/03/26 17:44:22 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/03/26 17:44:22 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010/03/26 17:44:22 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/03/26 17:44:21 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010/03/26 17:44:21 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/03/26 17:44:21 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010/03/26 17:44:21 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010/03/26 17:44:21 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010/03/26 17:44:21 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010/03/26 17:44:20 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010/03/26 17:44:20 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010/03/26 17:44:19 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010/03/26 17:44:19 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010/03/26 17:44:19 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010/03/26 17:44:19 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010/03/26 17:44:19 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010/03/26 17:44:19 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010/03/26 17:44:18 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010/03/26 17:44:18 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010/03/26 17:44:17 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010/03/26 17:44:17 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010/03/26 17:44:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010/03/26 17:44:16 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010/03/26 17:44:15 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010/03/26 17:44:15 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010/03/26 17:44:14 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010/03/26 17:44:14 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010/03/26 17:44:14 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010/03/26 17:44:14 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010/03/26 17:44:14 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010/03/26 17:44:14 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010/03/26 17:44:12 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010/03/26 17:44:12 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010/03/26 17:44:11 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010/03/26 17:44:11 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010/03/26 17:44:11 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010/03/26 17:44:11 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010/03/26 17:44:10 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010/03/26 17:44:10 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010/03/26 17:44:08 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/03/26 17:44:08 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010/03/26 17:44:08 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010/03/26 17:44:08 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010/03/26 17:44:08 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010/03/26 17:44:08 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010/03/26 17:44:07 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010/03/26 17:44:07 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/03/26 17:44:06 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/03/26 17:44:06 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010/03/26 17:44:06 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010/03/26 17:44:06 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010/03/26 17:44:06 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010/03/26 17:44:06 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010/03/26 17:44:06 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010/03/26 17:44:06 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010/03/26 17:44:05 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010/03/26 17:44:05 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/03/26 17:44:05 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010/03/26 17:44:05 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/03/26 17:44:04 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010/03/26 17:44:04 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010/03/26 17:44:03 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010/03/26 17:44:03 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/03/26 17:44:03 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/03/26 17:44:03 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010/03/26 17:44:03 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010/03/26 17:44:03 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010/03/26 17:44:01 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010/03/26 17:44:01 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010/03/26 17:44:00 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010/03/26 17:44:00 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010/03/26 17:43:59 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010/03/26 17:43:59 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010/03/26 17:43:57 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010/03/26 17:43:57 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010/03/26 17:43:57 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/03/26 17:43:57 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010/03/26 17:43:56 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010/03/26 17:43:56 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010/03/26 17:43:56 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010/03/26 17:43:56 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010/03/26 17:43:55 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010/03/26 17:43:55 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010/03/26 17:43:54 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010/03/26 17:43:54 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010/03/26 17:43:54 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010/03/26 17:43:54 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010/03/26 17:43:53 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010/03/26 17:43:53 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010/03/26 17:43:43 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010/03/26 17:43:43 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/03/26 17:43:42 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010/03/26 17:43:42 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010/03/26 17:43:42 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/03/26 17:43:42 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010/03/26 17:43:41 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010/03/26 17:43:41 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010/03/26 17:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/03/26 17:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/03/26 02:37:06 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Roaming\HPAppData
[2010/03/26 01:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2010/03/25 19:23:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/25 19:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/03/24 21:15:53 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/24 21:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/03/20 18:49:55 | 000,000,000 | ---D | C] -- C:\Users\kitkat\.idlerc
[2010/03/20 18:47:59 | 000,000,000 | ---D | C] -- C:\Python26
[2010/03/20 00:13:36 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Roaming\X-Chat 2
[2010/03/20 00:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\X-Chat 2
[2010/03/19 21:52:08 | 002,145,280 | ---- | C] (Python Software Foundation) -- C:\Windows\SysWow64\python26.dll
[2010/03/17 16:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/03/17 16:44:18 | 000,068,200 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/03/17 16:44:18 | 000,065,640 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/03/17 16:44:18 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/03/17 16:44:12 | 004,325,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/03/17 16:44:12 | 004,077,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/03/17 16:44:12 | 004,061,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/03/17 16:44:12 | 002,332,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/03/17 16:44:12 | 002,243,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/03/17 16:44:10 | 016,051,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/03/17 16:44:10 | 011,639,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/03/17 16:44:10 | 005,416,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/03/17 16:44:10 | 000,202,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod189.dll
[2010/03/17 16:44:08 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/03/17 09:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2010/03/17 09:09:28 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Roaming\SystemRequirementsLab
[2010/03/13 23:50:54 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Local\Procaster
[2010/03/13 23:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Livestream Procaster
[2010/03/11 18:47:37 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Roaming\Uniblue
[2010/03/11 18:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/03/10 20:44:01 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/10 20:44:00 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/10 20:43:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/10 20:43:56 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/10 20:35:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\recover
[2010/03/10 14:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/03/10 10:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Wowhead
[2010/03/10 01:42:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2010/03/10 01:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/03/10 01:38:52 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Roaming\DAEMON Tools Lite
[2010/03/10 01:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/03/10 01:35:24 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Roaming\uTorrent
[2010/03/10 01:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/03/10 00:13:30 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Local\Turbine,_Inc
[2010/03/10 00:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Turbine
[2010/03/09 23:38:21 | 000,000,000 | ---D | C] -- C:\Nexon
[2010/03/09 23:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010/03/09 23:28:33 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Local\Paint.NET
[2010/03/09 23:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2010/03/09 22:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/03/09 22:43:44 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Roaming\runic games
[2010/03/09 22:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
[2010/03/09 22:32:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Runic
[2010/03/09 21:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
[2010/03/09 19:07:21 | 000,000,000 | R--D | C] -- C:\Users\kitkat\Desktop\The Good Stuff
[2010/03/06 11:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/03/02 22:37:21 | 000,000,000 | ---D | C] -- C:\Users\kitkat\{51c83fb8-78d7-46ef-a638-5e54fd94b424}
[2010/03/02 13:32:49 | 000,000,000 | ---D | C] -- C:\Users\kitkat\Documents\MP3Tools
[2010/02/28 15:47:53 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2010/02/28 15:47:52 | 000,938,496 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpowiax8.dll
[2010/02/28 15:47:52 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\difxapi.dll
[2010/02/28 15:47:52 | 000,505,344 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpovst14.dll
[2010/02/28 14:08:10 | 001,406,464 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpotiop6.dll
[2010/02/28 14:00:01 | 000,000,000 | ---D | C] -- C:\Users\kitkat\AppData\Roaming\HP
[2010/02/28 13:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2010/02/28 13:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2010/02/28 13:43:44 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/29 12:53:00 | 002,883,584 | -HS- | M] () -- C:\Users\kitkat\ntuser.dat
[2010/03/29 12:38:47 | 000,789,862 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/29 12:38:47 | 000,663,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/29 12:38:47 | 000,128,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/29 12:31:26 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/29 12:31:26 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/29 12:31:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/29 12:31:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/29 12:29:37 | 000,524,288 | -HS- | M] () -- C:\Users\kitkat\ntuser.dat{d62a54f5-eb76-11de-8730-0021976360a2}.TMContainer00000000000000000001.regtrans-ms
[2010/03/29 12:29:37 | 000,065,536 | -HS- | M] () -- C:\Users\kitkat\ntuser.dat{d62a54f5-eb76-11de-8730-0021976360a2}.TM.blf
[2010/03/29 12:29:16 | 004,098,620 | -H-- | M] () -- C:\Users\kitkat\AppData\Local\IconCache.db
[2010/03/29 12:18:37 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/29 12:10:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4199256080-2304128688-3463834668-1000UA.job
[2010/03/29 12:05:34 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{23ACA35C-F158-46F6-A50E-E3AEBE6851E3}.job
[2010/03/29 11:40:43 | 000,001,584 | ---- | M] () -- C:\Users\kitkat\AppData\Roaming\wklnhst.dat
[2010/03/28 22:54:57 | 000,001,714 | ---- | M] () -- C:\Users\kitkat\Desktop\Torchlight.lnk
[2010/03/28 21:10:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4199256080-2304128688-3463834668-1000Core.job
[2010/03/28 18:25:13 | 000,010,240 | ---- | M] () -- C:\Users\kitkat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/28 18:03:01 | 000,000,584 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for kitkat.job
[2010/03/28 15:00:09 | 000,000,069 | ---- | M] () -- C:\Users\kitkat\jagex_runescape_preferences.dat
[2010/03/28 14:44:58 | 000,000,069 | ---- | M] () -- C:\Users\kitkat\jagex_runescape_preferences2.dat
[2010/03/28 02:01:09 | 000,020,414 | ---- | M] () -- C:\Users\kitkat\Documents\cc_20100328_020102.reg
[2010/03/26 23:47:12 | 000,118,784 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DiabUnin.exe
[2010/03/26 23:47:12 | 000,006,729 | ---- | M] () -- C:\Windows\DiabUnin.dat
[2010/03/26 23:47:12 | 000,002,829 | ---- | M] () -- C:\Windows\DiabUnin.pif
[2010/03/26 17:31:42 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/03/26 01:32:08 | 000,000,744 | ---- | M] () -- C:\Users\kitkat\Desktop\Audacity.lnk
[2010/03/25 21:07:47 | 000,001,740 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/25 21:06:04 | 000,002,049 | ---- | M] () -- C:\Users\kitkat\Desktop\Google Chrome.lnk
[2010/03/25 19:22:55 | 000,000,905 | ---- | M] () -- C:\Users\kitkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/03/24 23:43:33 | 000,000,000 | ---- | M] () -- C:\Users\kitkat\jagex__preferences3.dat
[2010/03/24 18:33:30 | 000,390,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/21 23:34:52 | 000,001,384 | ---- | M] () -- C:\Users\kitkat\Desktop\Free Realms.lnk
[2010/03/20 01:06:11 | 000,118,232 | ---- | M] () -- C:\Users\kitkat\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/19 21:52:08 | 002,145,280 | ---- | M] (Python Software Foundation) -- C:\Windows\SysWow64\python26.dll
[2010/03/16 18:38:41 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/03/10 21:43:06 | 000,000,094 | ---- | M] () -- C:\Users\kitkat\AppData\Local\fusioncache.dat
[2010/03/10 01:39:49 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/03/10 00:18:11 | 000,002,269 | ---- | M] () -- C:\Users\kitkat\Desktop\Dungeons and Dragons Online™ - Eberron Unlimited™.lnk
[2010/03/09 23:47:52 | 000,000,204 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
[2010/03/09 23:38:49 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/03/09 21:36:22 | 000,000,750 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2010/03/07 19:48:45 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/03/06 11:21:42 | 000,023,143 | ---- | M] () -- C:\Windows\hpqins15.dat
[2010/03/06 11:19:06 | 000,077,407 | ---- | M] () -- C:\Windows\hpqins05.dat
[2010/03/03 12:23:01 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForkitkat.job
[2010/02/28 15:23:07 | 000,165,497 | ---- | M] () -- C:\Windows\hpoins29.dat.temp
[2010/02/28 15:23:07 | 000,165,497 | ---- | M] () -- C:\Windows\hpoins29.dat
[2010/02/28 14:46:36 | 000,004,484 | ---- | M] () -- C:\Windows\wininit.ini
[2010/02/28 13:48:01 | 000,001,964 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/29 12:18:37 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/28 22:54:57 | 000,001,714 | ---- | C] () -- C:\Users\kitkat\Desktop\Torchlight.lnk
[2010/03/28 02:01:06 | 000,020,414 | ---- | C] () -- C:\Users\kitkat\Documents\cc_20100328_020102.reg
[2010/03/26 23:47:12 | 000,002,829 | ---- | C] () -- C:\Windows\DiabUnin.pif
[2010/03/26 23:47:10 | 000,006,729 | ---- | C] () -- C:\Windows\DiabUnin.dat
[2010/03/26 20:43:54 | 000,372,068 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistMSI2602.txt
[2010/03/26 20:43:54 | 000,015,666 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistUI2602.txt
[2010/03/26 17:45:02 | 000,463,786 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistMSI1D1C.txt
[2010/03/26 17:45:02 | 000,015,728 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistUI1D1C.txt
[2010/03/26 17:31:42 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/03/26 01:32:08 | 000,000,744 | ---- | C] () -- C:\Users\kitkat\Desktop\Audacity.lnk
[2010/03/25 21:06:04 | 000,002,049 | ---- | C] () -- C:\Users\kitkat\Desktop\Google Chrome.lnk
[2010/03/25 21:05:11 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4199256080-2304128688-3463834668-1000UA.job
[2010/03/25 21:05:10 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4199256080-2304128688-3463834668-1000Core.job
[2010/03/25 19:22:55 | 000,000,905 | ---- | C] () -- C:\Users\kitkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/03/24 23:43:33 | 000,000,000 | ---- | C] () -- C:\Users\kitkat\jagex__preferences3.dat
[2010/03/21 23:34:52 | 000,001,384 | ---- | C] () -- C:\Users\kitkat\Desktop\Free Realms.lnk
[2010/03/17 16:44:18 | 000,009,163 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/03/12 00:16:53 | 000,010,240 | ---- | C] () -- C:\Users\kitkat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/11 20:20:10 | 000,372,272 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistMSI7FCC.txt
[2010/03/11 20:20:06 | 000,033,890 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistUI7FCC.txt
[2010/03/11 19:52:33 | 000,374,854 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistMSI6AB3.txt
[2010/03/11 19:52:32 | 000,031,842 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistUI6AB3.txt
[2010/03/11 19:20:57 | 000,377,402 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistMSI5283.txt
[2010/03/11 19:20:56 | 000,030,874 | ---- | C] () -- C:\Users\kitkat\AppData\Local\dd_vcredistUI5283.txt
[2010/03/10 21:43:06 | 000,000,094 | ---- | C] () -- C:\Users\kitkat\AppData\Local\fusioncache.dat
[2010/03/10 01:39:49 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/03/10 00:18:11 | 000,002,269 | ---- | C] () -- C:\Users\kitkat\Desktop\Dungeons and Dragons Online™ - Eberron Unlimited™.lnk
[2010/03/09 23:47:52 | 000,000,204 | ---- | C] () -- C:\Users\Public\Desktop\MapleStory.url
[2010/03/09 23:38:49 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/03/06 11:20:53 | 000,023,143 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/03/06 11:16:41 | 000,077,407 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/02/28 15:44:40 | 000,165,497 | ---- | C] () -- C:\Windows\hpoins29.dat
[2010/02/28 15:44:40 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2010/02/28 15:22:30 | 000,165,497 | ---- | C] () -- C:\Windows\hpoins29.dat.temp
[2010/02/28 13:55:20 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat.temp
[2010/02/28 13:48:00 | 000,001,964 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/01/22 16:18:45 | 000,299,024 | ---- | C] () -- C:\ProgramData\Hope Mess Sect.bbs32
[2010/01/22 16:18:18 | 000,319,504 | ---- | C] () -- C:\ProgramData\Bore Send Send.7ui5h
[2010/01/22 16:18:18 | 000,303,120 | ---- | C] () -- C:\ProgramData\Bore Send Send.9nxmjdi
[2009/12/24 21:17:15 | 000,000,180 | ---- | C] () -- C:\Users\kitkat\AppData\Roaming\setup.log
[2009/12/24 21:17:11 | 000,000,760 | ---- | C] () -- C:\Users\kitkat\AppData\Roaming\setup_ldm.iss
[2009/11/23 12:30:05 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/18 09:37:44 | 000,004,484 | ---- | C] () -- C:\Windows\wininit.ini
[2009/09/17 07:28:02 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/17 07:25:57 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/11 10:16:16 | 000,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/17 18:18:28 | 000,001,584 | ---- | C] () -- C:\Users\kitkat\AppData\Roaming\wklnhst.dat
[2009/05/23 11:14:20 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2009/04/07 10:50:29 | 000,009,622 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/11/21 14:34:51 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/11/21 14:34:51 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
< End of report >

 

[Blade81]

Hi,

I'm sorry for this delayed reply. Of some reason topic showed my post as the latest one so I didn't know you had replied.


Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

• Run Spybot-S&D in Advanced Mode
• If it is not already set to do this, go to the Mode menu
  select
  Advanced Mode
  
• On the left hand side, click on Tools
• Then click on the Resident icon in the list
• Uncheck
  Resident TeaTimer
  and OK any prompts.
• Restart your computer

Let's run OTL.

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O4 - HKCU..\Run: [Drv Info] C:\ProgramData\Bore Send Send.9nx File not found
  :Files
  C:\Users\kitkat\AppData\Roaming\uTorrent
  C:\ProgramData\Hope Mess Sect.bbs32
  C:\ProgramData\Bore Send Send.7ui5h
  C:\ProgramData\Bore Send Send.9nxmjdi
  :Commands
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post a new OTL log.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 19.
• Click the
  Download
  button to the right.
• Select Windows on platform combobox and check the box that says:
  Accept License Agreement. Click continue.
  
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u19-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report. How's the system running now?

 

[Blade81]

Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.