WindowsBBS.com, Malware and Virus Removal forum

Post #1, Edis (thread starter), 11th June 2010

[Resolved] Unable to access Microsoft and anti-virus/malware websites


Hello,

I cannot access any Microsoft websites nor anti-virus websites such as Avast, MalwareBytes etc. I get the message "Address Not Found" in Firefox. I've had this problem for a long while now.

I found a thread addressing this issue in this forum already (page 2 somewhere), but couldn't follow along enough to solve the problem.

I ran "ComboFix" already and should be able to provide the logs of that if needed.

Any help would be much appreciated!

Post #2, broni (Malware Analyst), 12th June 2010

Quote:
I ran "ComboFix" already and should be able to provide the logs of that if needed.
You shouldn't be running Combofix on your own.

Read this post, then post the requested log(s).

Post #3, Edis (thread starter), 12th June 2010

Hello, I've run DDS:


DDS.txt
DDS (Ver_10-03-17.01) - NTFSx86
Run by Tyler at 13:13:12.92 on 12/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2814.1992 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 100227-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Thomson\ST330\service\st330service.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Spotify\spotify.exe
C:\Documents and Settings\Tyler\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [igndlm.exe] c:\program files\download manager\dlm.exe /windowsstart /startifwork
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LiveZilla] "c:\program files\livezilla\LiveZilla.exe" -minimize
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTuner.exe" /S
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
StartupFolder: c:\docume~1\tyler\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\tyler\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\tyler\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tyler\applic~1\mozilla\firefox\profiles\chcx984b.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - c:\\documents and settings\\tyler\\my documents\\homepage.html
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - component: c:\documents and settings\tyler\application data\mozilla\firefox\profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\tyler\application data\mozilla\firefox\profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\tyler\application data\mozilla\firefox\profiles\chcx984b.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\tyler\application data\mozilla\firefox\profiles\chcx984b.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\documents and settings\tyler\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\tyler\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-19 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-19 138680]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-12-24 66048]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\daodb\mssql.1\mssql\binn\sqlservr.exe [2008-11-25 29263712]
S2 aysxilw;System Monitor;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-27 136176]
S2 wfmamv;Helper Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-18 1684736]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-19 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-19 352920]
S3 cpuz130;cpuz130;\??\c:\docume~1\tyler\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\tyler\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\turbine\turbine download manager\TurbineMessageService.exe [2009-11-4 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [2009-11-4 218608]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2009-9-3 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2009-9-3 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [2009-9-3 40320]

=============== Created Last 30 ================

2010-06-11 23:38:06 0 d-----w- c:\program files\Stunlock Studios
2010-06-11 23:37:05 0 d-----w- c:\program files\Microsoft XNA
2010-06-07 17:11:37 0 d-----w- C:\ComboFix
2010-06-07 15:26:16 0 d-sha-r- C:\cmdcons
2010-06-07 15:22:45 77312 ----a-w- c:\windows\MBR.exe
2010-06-07 15:22:45 256512 ----a-w- c:\windows\PEV.exe
2010-06-07 15:22:44 98816 ----a-w- c:\windows\sed.exe
2010-06-07 15:22:44 161792 ----a-w- c:\windows\SWREG.exe
2010-06-04 17:28:30 0 d-----w- c:\docume~1\tyler\applic~1\Dragon Age Toolset
2010-06-04 17:12:33 0 d-----w- c:\program files\MSXML 6.0
2010-06-04 17:10:57 0 d-----w- c:\program files\DAODB
2010-06-04 15:56:47 0 d-----w- c:\program files\common files\PACE Anti-Piracy
2010-06-04 15:56:47 0 d-----w- c:\docume~1\tyler\applic~1\PACE Anti-Piracy
2010-06-04 15:56:47 0 d-----w- c:\docume~1\alluse~1\applic~1\PACE Anti-Piracy
2010-06-04 15:54:02 0 d-----w- c:\program files\Unity
2010-05-28 11:13:02 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-28 11:13:02 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-28 11:13:02 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-28 11:13:02 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-28 11:13:02 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-05-28 11:13:00 0 d-----w- c:\docume~1\tyler\applic~1\Simply Super Software
2010-05-28 11:13:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-05-28 00:09:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-27 18:08:17 34064 ----a-w- c:\windows\system32\lhacm.acm
2010-05-27 18:08:14 0 d-----w- c:\program files\Teamspeak2_RC2
2010-05-27 18:03:53 0 d-----w- c:\docume~1\tyler\applic~1\TS3Client
2010-05-26 15:12:22 0 d-----w- c:\program files\Eve-MEEP
2010-05-26 11:07:39 0 d-sh--w- c:\documents and settings\tyler\PrivacIE
2010-05-25 12:39:06 4096 ----a-w- c:\windows\d3dx.dat
2010-05-25 12:24:37 0 d-----w- c:\program files\PlayOnline
2010-05-25 12:24:37 0 d-----w- c:\program files\common files\PlayOnline
2010-05-22 18:30:06 0 d-----w- c:\program files\PKR
2010-05-20 15:39:29 0 d-----w- c:\documents and settings\tyler\.GalleryRemote
2010-05-17 10:12:35 8629 ----a-w- C:\sitemap.xml
2010-05-15 17:27:41 0 d-----w- c:\program files\StarCraft II Beta
2010-05-15 17:25:50 0 d-sh--w- c:\documents and settings\tyler\IETldCache
2010-05-15 15:56:14 0 d-----w- c:\program files\SC2
2010-05-15 12:03:35 0 d-----w- c:\program files\Yahoo!
2010-05-15 12:03:14 0 dc-h--w- c:\windows\ie8
2010-05-15 11:53:21 25808 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-14 11:48:33 0 d-----w- c:\documents and settings\tyler\.sshterm
2010-05-14 11:48:33 0 d-----w- c:\documents and settings\tyler\.ssh

==================== Find3M ====================

2010-05-24 21:13:30 188704 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-24 20:49:41 139040 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-07 19:48:36 75 ----a-w- c:\documents and settings\tyler\jagex_runescape_preferences2.dat
2010-05-07 19:43:30 41 ----a-w- c:\documents and settings\tyler\jagex_runescape_preferences.dat
2010-05-02 00:08:56 0 ----a-w- c:\documents and settings\tyler\jagex__preferences3.dat
2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 13:25:20 35246 ----a-w- c:\windows\DIIUnin.dat
2010-04-18 13:23:38 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-04-18 13:23:38 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-04-18 13:23:38 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-04-18 13:07:56 94208 ----a-w- c:\windows\DIIUnin.exe
2010-04-18 13:07:56 2829 ----a-w- c:\windows\DIIUnin.pif
2010-04-13 13:37:58 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-06 13:16:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-29 14:59:53 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-03-20 05:41:42 139152 ----a-w- c:\docume~1\tyler\applic~1\PnkBstrK.sys
2010-03-20 05:41:20 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-20 05:41:20 2359592 ----a-w- c:\windows\system32\pbsvc_apb.exe
2009-03-21 14:06:58 164972 --sha-r- c:\windows\system32\sqluqt.dll

============= FINISH: 13:13:26.23 ===============

Attach.txt
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/18/2009 1:00:56 PM
System Uptime: 6/12/2010 1:00:48 PM (0 hours ago)

Motherboard: alienware | | alienware
Processor: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz | Socket 775 | 2999/332mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 226 GiB total, 31.684 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 5/18/2010 12:34:35 PM - System Checkpoint
RP2: 5/19/2010 10:43:42 PM - System Checkpoint
RP3: 5/21/2010 12:22:46 PM - System Checkpoint
RP4: 5/23/2010 9:54:47 PM - System Checkpoint
RP5: 5/25/2010 12:41:11 PM - System Checkpoint
RP6: 5/25/2010 1:24:07 PM - Installed FINAL FANTASY XI
RP7: 5/25/2010 1:24:25 PM - Installed PlayOnline Viewer & Tetra Master
RP8: 5/25/2010 1:25:50 PM - Installed FINAL FANTASY XI
RP9: 5/25/2010 1:33:07 PM - Installed FINAL FANTASY XI: Rise of the Zilart
RP10: 5/25/2010 1:35:51 PM - Installed FINAL FANTASY XI: Chains of Promathia
RP11: 5/25/2010 1:37:34 PM - Installed FINAL FANTASY XI: Treasures of Aht Urhgan
RP12: 5/26/2010 4:12:21 PM - Installed Eve-MEEP
RP13: 5/27/2010 6:05:17 PM - System Checkpoint
RP14: 5/28/2010 1:31:26 PM - Removed FEAR
RP15: 5/28/2010 1:32:11 PM - Removed Machinima Studio
RP16: 5/28/2010 1:33:46 PM - Removed Nero 7 Essentials
RP17: 5/29/2010 6:53:14 PM - System Checkpoint
RP18: 5/31/2010 11:52:10 AM - System Checkpoint
RP19: 6/1/2010 3:38:35 PM - System Checkpoint
RP20: 6/3/2010 4:46:20 PM - System Checkpoint
RP21: 6/5/2010 11:49:55 AM - System Checkpoint
RP22: 6/6/2010 4:11:27 PM - System Checkpoint
RP23: 6/7/2010 8:02:04 PM - System Checkpoint
RP24: 6/9/2010 7:14:15 PM - System Checkpoint
RP25: 6/11/2010 11:56:59 PM - Installed Microsoft XNA Framework
RP26: 6/12/2010 12:37:05 AM - Installed Microsoft XNA Framework Redistributable 3.1
RP27: 6/12/2010 12:38:02 AM - Installed Bloodline Champions Beta

==== Installed Programs ======================

AAC Decoder
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Color Video Profiles AE CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Reader 9.2
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
Age of Conan - Hyborian Adventures
AiO_Scan_CDA
Aion
AiOSoftwareNPI
APB Beta-EU
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Antivirus
Battlefield 2 Standalone Demo Server
Battlefield 2(TM) Demo
BitTorrent
Bloodline Champions Beta
Bonjour
BufferChm
C5100
c5100_Help
CCleaner (remove only)
Cities XL
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
CueTour
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
Diablo II
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
Download Manager 2.3.7
Dungeons and Dragons Online™ - Eberron Unlimited™ - Live
eSupportQFolder
Eve-MEEP
EVE Online (remove only)
EVEMon
Fax_CDA
FileZilla Client 3.3.0.1
FINAL FANTASY XI
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FINAL FANTASY XI: Treasures of Aht Urhgan
Fraps (remove only)
FullDPAppQFolder
Global Agenda Live
Google Earth
Google Update Helper
Guild Wars
H.264 Decoder
High Definition Audio Driver Package - KB888111
Hitman Blood Money
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevices
InstantShareDevicesMFC
iTunes
Java Auto Updater
Java(TM) 6 Update 18
LightScribe 1.4.124.1
LiveZilla
Machinima Studio
Malwarebytes' Anti-Malware
MarketResearch
Media Go
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Choice Guard
Microsoft IntelliPoint 7.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft XNA Framework
Microsoft XNA Framework Redistributable 3.1
MKV Splitter
Mozilla Firefox (3.0.19)
MSRuntime Libraries
MSVCRT
MSXML 6.0 Parser
NCsoft Launcher
NewCopy_CDA
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
Oblivion
OCR Software by I.R.I.S 7.0
Octoshape Streaming Services
OpenAL
OpenOffice.org 3.2
Opera 10.53
PanoStandAlone
PDF Settings
PhotoGallery
Photoshop Camera Raw
Pixel Bender Toolkit
PKR
PlayOnline Viewer & Tetra Master
PlayStation(R)Network Downloader
PlayStation(R)Store
Portal
ProductContextNPI
PunkBuster Services
QuickTime
R.U.S.E. Beta
RandMap
Readme
Realtek High Definition Audio Driver
RivaTuner v2.24
Safari
Scan
ScannerCopy
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Segoe UI
SkinsHP1
Skype web features
Skype™ 4.1
SlideShow
SlimDX Redistributable (March 2009)
SolutionCenter
Sonic_PrimoSDK
Sony Vegas Movie Studio 8.0
SpeedTouch 330
SpeedTouch USB Software
Spotify
SQL Server System CLR Types
StarCraft II Beta
Status
Steam
Suite Shared Configuration CS4
TeamSpeak 2 RC2
TeamViewer 5
The Endless Forest
Toolbox
TrayApp
Turbine Download Manager - Live
Unity
Unload
Unreal Development Kit: 2010-02
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
WebFldrs XP
WebReg
WG111v2 Configuration Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

6/6/2010 3:00:07 PM, error: Service Control Manager [7023] - The System Monitor service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
6/6/2010 3:00:07 PM, error: Service Control Manager [7023] - The Helper Windows service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
6/6/2010 2:58:43 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

==== End Of File ===========================

Post #4, broni (Malware Analyst), 12th June 2010

Now, I'd like to see your Combofix log, since you ran it already.

Post #5, Edis (thread starter), 12th June 2010

Thanks for the swift reply.

ComboFix.txt

ComboFix 10-06-06.04 - Tyler 07/06/2010 16:29:50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2814.2350 [GMT 1:00]
Running from: c:\documents and settings\Tyler\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100227-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tyler\Application Data\.#
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\system32\_000126_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.

2010-06-07 11:15 . 2010-06-07 11:15 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Rawr
2010-06-04 17:28 . 2010-06-04 17:28 -------- d-----w- c:\documents and settings\Tyler\Application Data\Dragon Age Toolset
2010-06-04 17:12 . 2010-06-04 17:12 -------- d-----w- c:\program files\MSXML 6.0
2010-06-04 17:10 . 2010-06-04 17:15 -------- d-----w- c:\program files\DAODB
2010-06-04 15:56 . 2010-06-04 15:57 -------- d-----w- c:\documents and settings\Tyler\Application Data\PACE Anti-Piracy
2010-06-04 15:56 . 2010-06-04 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-06-04 15:56 . 2010-06-04 15:56 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-06-04 15:56 . 2010-06-04 15:56 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\PACE Anti-Piracy
2010-06-04 15:54 . 2010-06-04 15:54 -------- d-----w- c:\program files\Unity
2010-05-28 14:53 . 2010-05-28 14:53 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\EveMeep_Updater
2010-05-28 12:19 . 2010-05-28 12:19 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Threat Expert
2010-05-28 11:13 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-28 11:13 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-28 11:13 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-28 11:13 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-05-28 11:13 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-28 11:13 . 2010-05-28 11:13 -------- d-----w- c:\documents and settings\Tyler\Application Data\Simply Super Software
2010-05-28 11:13 . 2010-05-28 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-27 19:41 . 2010-05-27 19:41 503808 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f9f018e-n\msvcp71.dll
2010-05-27 19:41 . 2010-05-27 19:41 499712 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f9f018e-n\jmc.dll
2010-05-27 19:41 . 2010-05-27 19:41 348160 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f9f018e-n\msvcr71.dll
2010-05-27 19:41 . 2010-05-27 19:41 61440 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-714c64ad-n\decora-sse.dll
2010-05-27 19:41 . 2010-05-27 19:41 12800 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-714c64ad-n\decora-d3d.dll
2010-05-27 18:08 . 2010-05-27 18:08 -------- d-----w- c:\documents and settings\Tyler\Application Data\teamspeak2
2010-05-27 18:08 . 2010-05-27 18:08 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-05-27 18:03 . 2010-05-27 18:03 -------- d-----w- c:\documents and settings\Tyler\Application Data\TS3Client
2010-05-27 13:43 . 2010-05-27 13:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-27 13:38 . 2010-05-27 13:39 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Temp
2010-05-27 13:38 . 2010-05-27 13:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-27 13:38 . 2010-05-27 13:40 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Google
2010-05-27 13:38 . 2010-05-27 13:39 -------- d-----w- c:\program files\Google
2010-05-26 15:12 . 2010-05-26 15:12 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\EveMeep3
2010-05-26 15:12 . 2010-05-26 15:12 99678 ----a-r- c:\documents and settings\Tyler\Application Data\Microsoft\Installer\{95834A16-084B-4409-B78C-750B15702CFA}\_E9899D3A52B54A6415E79F.exe
2010-05-26 15:12 . 2010-05-26 15:12 99678 ----a-r- c:\documents and settings\Tyler\Application Data\Microsoft\Installer\{95834A16-084B-4409-B78C-750B15702CFA}\_D0D7B2C4BE083D47D3E75D.exe
2010-05-26 15:12 . 2010-05-26 15:12 -------- d-----w- c:\program files\Eve-MEEP
2010-05-26 11:07 . 2010-05-26 11:07 -------- d-sh--w- c:\documents and settings\Tyler\PrivacIE
2010-05-25 12:39 . 2010-05-25 12:39 4096 ----a-w- c:\windows\d3dx.dat
2010-05-25 12:24 . 2010-05-25 12:24 -------- d-----w- c:\program files\PlayOnline
2010-05-25 12:24 . 2010-05-25 12:24 -------- d-----w- c:\program files\Common Files\PlayOnline
2010-05-22 19:55 . 2010-05-22 19:55 48388 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-05-22 18:30 . 2010-05-28 21:41 -------- d-----w- c:\program files\PKR
2010-05-20 15:39 . 2010-05-20 15:39 -------- d-----w- c:\documents and settings\Tyler\.GalleryRemote
2010-05-17 11:01 . 2010-05-17 11:01 315392 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\cache\6.0\16\1791ad0-229c9843-n\jogl.dll
2010-05-17 11:01 . 2010-05-17 11:01 20480 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\cache\6.0\16\1791ad0-229c9843-n\jogl_awt.dll
2010-05-17 11:01 . 2010-05-17 11:01 114688 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\cache\6.0\16\1791ad0-229c9843-n\jogl_cg.dll
2010-05-15 17:27 . 2010-05-22 19:55 -------- d-----w- c:\program files\StarCraft II Beta
2010-05-15 17:25 . 2010-05-15 17:25 -------- d-sh--w- c:\documents and settings\Tyler\IETldCache
2010-05-15 17:25 . 2010-05-15 17:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-15 15:56 . 2010-05-15 15:56 -------- d-----w- c:\program files\SC2
2010-05-15 12:04 . 2010-05-15 12:04 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Yahoo
2010-05-15 12:03 . 2010-05-28 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-15 12:03 . 2010-05-15 12:03 -------- d-----w- c:\documents and settings\Tyler\Application Data\Yahoo!
2010-05-15 12:03 . 2010-05-29 08:58 -------- d-----w- c:\program files\Yahoo!
2010-05-15 12:03 . 2010-05-15 12:03 -------- dc-h--w- c:\windows\ie8
2010-05-15 11:53 . 2010-05-15 11:53 25808 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-15 11:53 . 2010-05-15 11:53 -------- d-----w- c:\program files\Safari
2010-05-15 11:49 . 2010-05-15 11:49 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Opera
2010-05-15 11:49 . 2010-05-15 11:49 -------- d-----w- c:\program files\Opera
2010-05-14 11:48 . 2010-05-14 11:48 -------- d-----w- c:\documents and settings\Tyler\.sshterm
2010-05-14 11:48 . 2010-05-14 11:48 -------- d-----w- c:\documents and settings\Tyler\.ssh
2010-05-12 21:34 . 2010-05-12 21:34 655360 ----a-w- c:\documents and settings\Tyler\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-12 21:34 . 2010-05-12 21:34 282624 ----a-w- c:\documents and settings\Tyler\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-12 21:34 . 2010-05-12 21:34 208896 ----a-w- c:\documents and settings\Tyler\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-09 16:25 . 2010-05-09 16:25 -------- d-----w- c:\documents and settings\Tyler\Application Data\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 14:35 . 2010-01-07 01:02 -------- d-----w- c:\documents and settings\Tyler\Application Data\Spotify
2010-06-07 13:01 . 2010-01-27 02:26 -------- d-----w- c:\program files\Steam
2010-06-06 16:34 . 2010-01-24 14:20 -------- d-----w- c:\documents and settings\Tyler\Application Data\Xfire
2010-06-05 14:03 . 2009-07-18 12:07 -------- d-----w- c:\program files\World of Warcraft
2010-06-04 17:14 . 2009-10-06 01:26 -------- d-----w- c:\program files\Microsoft SQL Server
2010-06-04 17:09 . 2009-11-06 12:45 -------- d-----w- c:\program files\Dragon Age
2010-06-04 15:57 . 2010-03-31 07:10 -------- d-----w- c:\documents and settings\Tyler\Application Data\Unity
2010-06-03 15:04 . 2010-01-24 14:20 -------- d-----w- c:\program files\Xfire
2010-06-01 14:15 . 2010-02-11 22:05 1 ----a-w- c:\documents and settings\Tyler\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-29 14:33 . 2009-12-30 19:34 -------- d-----w- c:\documents and settings\Tyler\Application Data\FileZilla
2010-05-28 12:36 . 2009-07-30 15:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-28 12:34 . 2009-08-14 18:54 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-28 12:31 . 2009-07-18 12:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-27 10:26 . 2009-10-15 12:57 -------- d-----w- c:\documents and settings\Tyler\Application Data\EVEMon
2010-05-26 15:32 . 2009-07-19 11:51 -------- d-----w- c:\program files\Turbine
2010-05-25 12:17 . 2009-07-18 12:32 -------- d-----w- c:\program files\EA GAMES
2010-05-24 21:13 . 2010-03-20 05:41 188704 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-24 20:49 . 2010-03-20 05:41 139040 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-22 20:10 . 2010-04-10 16:19 -------- d-----w- c:\program files\Heroes of Newerth
2010-05-22 07:54 . 2009-07-18 12:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-15 17:31 . 2009-08-20 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-15 17:31 . 2009-07-18 14:17 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-15 11:53 . 2009-07-18 18:07 -------- d-----w- c:\documents and settings\Tyler\Application Data\Apple Computer
2010-05-15 11:52 . 2009-07-18 18:06 -------- d-----w- c:\program files\Common Files\Apple
2010-05-09 16:58 . 2010-05-01 13:10 -------- d-----w- c:\program files\HeroOnline
2010-05-08 23:05 . 2010-03-05 13:43 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-08 23:04 . 2009-07-18 12:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-07 19:48 . 2009-11-28 15:56 75 ----a-w- c:\documents and settings\Tyler\jagex_runescape_preferences2.dat
2010-05-07 19:43 . 2009-07-31 22:20 41 ----a-w- c:\documents and settings\Tyler\jagex_runescape_preferences.dat
2010-05-02 00:08 . 2010-05-02 00:08 0 ----a-w- c:\documents and settings\Tyler\jagex__preferences3.dat
2010-05-01 13:09 . 2009-08-15 13:17 -------- d-----w- c:\documents and settings\Tyler\Application Data\BitTorrent
2010-04-30 18:35 . 2009-09-18 16:19 -------- d-----w- c:\program files\Guild Wars
2010-04-30 16:40 . 2009-09-02 12:54 -------- d-----w- c:\documents and settings\Tyler\Application Data\TeamViewer
2010-04-30 16:39 . 2009-09-02 12:54 -------- d-----w- c:\program files\TeamViewer
2010-04-30 16:33 . 2009-10-17 15:20 -------- d-----w- c:\documents and settings\Tyler\Application Data\Skype
2010-04-30 16:05 . 2009-10-17 15:21 -------- d-----w- c:\documents and settings\Tyler\Application Data\skypePM
2010-04-29 14:39 . 2009-07-18 12:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2009-07-18 12:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 10:00 . 2010-04-21 10:00 -------- d-----w- c:\program files\Bethesda Softworks
2010-04-20 17:05 . 2010-04-18 12:59 -------- d-----w- c:\program files\Diablo II
2010-04-18 13:25 . 2010-04-18 13:07 35246 ----a-w- c:\windows\DIIUnin.dat
2010-04-18 13:23 . 2010-04-18 13:08 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-04-18 13:23 . 2010-04-18 13:08 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-04-18 13:23 . 2010-04-18 13:08 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-04-18 13:07 . 2010-04-18 13:07 94208 ----a-w- c:\windows\DIIUnin.exe
2010-04-18 13:07 . 2010-04-18 13:07 2829 ----a-w- c:\windows\DIIUnin.pif
2010-04-17 20:56 . 2009-10-15 12:57 -------- d-----w- c:\program files\EVEMon
2010-04-13 13:37 . 2010-04-13 13:37 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-06 13:16 . 2009-07-18 12:24 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-29 14:59 . 2010-03-29 15:00 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-03-20 05:41 . 2010-03-20 05:41 139152 ----a-w- c:\documents and settings\Tyler\Application Data\PnkBstrK.sys
2010-03-20 05:41 . 2010-03-20 05:41 139152 ----a-w- c:\documents and settings\Tyler\Application Data\PnkBstrK.sys
2010-03-20 05:41 . 2010-03-20 05:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-20 05:41 . 2010-03-20 05:41 2359592 ----a-w- c:\windows\system32\pbsvc_apb.exe
2009-03-21 14:06 . 2004-08-04 12:00 164972 --sha-r- c:\windows\system32\sqluqt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"igndlm.exe"="c:\program files\Download Manager\dlm.exe" [2009-05-14 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"LiveZilla"="c:\program files\LiveZilla\LiveZilla.exe" [2009-12-28 2656808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-13 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-13 110696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]

c:\documents and settings\Tyler\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-5-28 3493264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Thomson\\ST330\\service\\st330service.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\global agenda live\\Binaries\\GlobalAgenda.exe"=
"c:\\Program Files\\Dragon Age\\tools\\DragonAgeToolset.exe"=
"c:\\Program Files\\Dragon Age\\tools\\RPU.exe"=
"c:\\Program Files\\Dragon Age\\tools\\lightmapper\\eclipseRay.exe"=
"c:\\Program Files\\Dragon Age\\tools\\GffEditor.exe"=
"c:\\Program Files\\Dragon Age\\tools\\ErfEditor.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5369:TCP"= 5369:TCP:hbyxanp

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/19/2009 3:01 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/19/2009 3:01 PM 20560]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [12/24/2009 3:08 PM 66048]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/25/2008 5:31 AM 29263712]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/14/2009 10:48 AM 721904]
S2 aysxilw;System Monitor;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 1:00 PM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2010 2:38 PM 136176]
S2 wfmamv;Helper Windows;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 1:00 PM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/18/2009 3:14 PM 1684736]
S3 cpuz130;cpuz130;\??\c:\docume~1\Tyler\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Tyler\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [11/4/2009 3:07 PM 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [11/4/2009 3:07 PM 218608]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [9/3/2009 8:28 PM 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [9/3/2009 8:28 PM 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [9/3/2009 8:28 PM 40320]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
aysxilw
wfmamv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 13:38]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 13:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
FF - ProfilePath - c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - c:\\Documents and Settings\\Tyler\\My Documents\\homepage.html
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - component: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\Tyler\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll

---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-nwiz - nwiz.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-hon - c:\program files\Heroes of Newerth Test Client\uninstall.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-{3B11D799-48E0-48ED-BFD7-EA655676D8BB} - c:\program files\Common Files\BioWare\Uninstall Dragon Age Toolset.exe
AddRemove-UnityWebPlayer - c:\documents and settings\Tyler\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 16:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aysxilw]
"ServiceDll"="c:\windows\system32\sqluqt.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wfmamv]
"ServiceDll"="c:\windows\system32\sqluqt.dll"
.
Completion time: 2010-06-07 16:35:04
ComboFix-quarantined-files.txt 2010-06-07 15:34

Pre-Run: 34,604,634,112 bytes free
Post-Run: 35,835,174,912 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FD07A20D8509B2E39254E2D4406C46DA

Edis is offline  
Old 12th June 2010   #6
Malware Analyst
broni

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\sqluqt.dll


Driver::
aysxilw
wfmamv


Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"5369:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aysxilw]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wfmamv]


NetSvc::
aysxilw
wfmamv

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt

broni is offline  
Old 12th June 2010   #7
Edis (thread starter)

ComboFix 10-06-06.04 - Tyler 12/06/2010 23:11:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2814.2102 [GMT 1:00]
Running from: c:\documents and settings\Tyler\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tyler\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100227-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\sqluqt.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sqluqt.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AYSXILW
-------\Legacy_WFMAMV
-------\Service_aysxilw
-------\Service_wfmamv


((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))
.

2010-06-11 23:38 . 2010-06-11 23:38 -------- d-----w- c:\program files\Stunlock Studios
2010-06-11 23:37 . 2010-06-11 23:37 -------- d-----w- c:\program files\Microsoft XNA
2010-06-07 11:15 . 2010-06-07 11:15 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Rawr
2010-06-04 17:28 . 2010-06-04 17:28 -------- d-----w- c:\documents and settings\Tyler\Application Data\Dragon Age Toolset
2010-06-04 17:12 . 2010-06-04 17:12 -------- d-----w- c:\program files\MSXML 6.0
2010-06-04 17:10 . 2010-06-04 17:15 -------- d-----w- c:\program files\DAODB
2010-06-04 15:56 . 2010-06-04 15:57 -------- d-----w- c:\documents and settings\Tyler\Application Data\PACE Anti-Piracy
2010-06-04 15:56 . 2010-06-04 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-06-04 15:56 . 2010-06-04 15:56 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-06-04 15:56 . 2010-06-04 15:56 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\PACE Anti-Piracy
2010-06-04 15:54 . 2010-06-04 15:54 -------- d-----w- c:\program files\Unity
2010-05-28 14:53 . 2010-05-28 14:53 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\EveMeep_Updater
2010-05-28 12:19 . 2010-05-28 12:19 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Threat Expert
2010-05-28 11:13 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-28 11:13 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-28 11:13 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-28 11:13 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-05-28 11:13 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-28 11:13 . 2010-05-28 11:13 -------- d-----w- c:\documents and settings\Tyler\Application Data\Simply Super Software
2010-05-28 11:13 . 2010-05-28 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-27 18:08 . 2010-05-27 18:08 -------- d-----w- c:\documents and settings\Tyler\Application Data\teamspeak2
2010-05-27 18:08 . 2010-05-27 18:08 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-05-27 18:03 . 2010-05-27 18:03 -------- d-----w- c:\documents and settings\Tyler\Application Data\TS3Client
2010-05-27 13:43 . 2010-05-27 13:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-27 13:38 . 2010-05-27 13:39 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Temp
2010-05-27 13:38 . 2010-05-27 13:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-27 13:38 . 2010-05-27 13:40 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Google
2010-05-27 13:38 . 2010-05-27 13:39 -------- d-----w- c:\program files\Google
2010-05-26 15:12 . 2010-05-26 15:12 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\EveMeep3
2010-05-26 15:12 . 2010-05-26 15:12 -------- d-----w- c:\program files\Eve-MEEP
2010-05-26 11:07 . 2010-05-26 11:07 -------- d-sh--w- c:\documents and settings\Tyler\PrivacIE
2010-05-25 12:39 . 2010-05-25 12:39 4096 ----a-w- c:\windows\d3dx.dat
2010-05-25 12:24 . 2010-05-25 12:24 -------- d-----w- c:\program files\PlayOnline
2010-05-25 12:24 . 2010-05-25 12:24 -------- d-----w- c:\program files\Common Files\PlayOnline
2010-05-22 18:30 . 2010-05-28 21:41 -------- d-----w- c:\program files\PKR
2010-05-20 15:39 . 2010-05-20 15:39 -------- d-----w- c:\documents and settings\Tyler\.GalleryRemote
2010-05-15 17:27 . 2010-05-22 19:55 -------- d-----w- c:\program files\StarCraft II Beta
2010-05-15 17:25 . 2010-05-15 17:25 -------- d-sh--w- c:\documents and settings\Tyler\IETldCache
2010-05-15 17:25 . 2010-05-15 17:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-15 15:56 . 2010-05-15 15:56 -------- d-----w- c:\program files\SC2
2010-05-15 12:04 . 2010-05-15 12:04 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Yahoo
2010-05-15 12:03 . 2010-05-28 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-15 12:03 . 2010-05-15 12:03 -------- d-----w- c:\documents and settings\Tyler\Application Data\Yahoo!
2010-05-15 12:03 . 2010-05-29 08:58 -------- d-----w- c:\program files\Yahoo!
2010-05-15 12:03 . 2010-05-15 12:03 -------- dc-h--w- c:\windows\ie8
2010-05-15 11:53 . 2010-05-15 11:53 25808 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-15 11:53 . 2010-05-15 11:53 -------- d-----w- c:\program files\Safari
2010-05-15 11:49 . 2010-05-15 11:49 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Opera
2010-05-15 11:49 . 2010-05-15 11:49 -------- d-----w- c:\program files\Opera
2010-05-14 11:48 . 2010-05-14 11:48 -------- d-----w- c:\documents and settings\Tyler\.sshterm
2010-05-14 11:48 . 2010-05-14 11:48 -------- d-----w- c:\documents and settings\Tyler\.ssh

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 22:07 . 2010-01-24 14:20 -------- d-----w- c:\documents and settings\Tyler\Application Data\Xfire
2010-06-12 22:03 . 2010-01-07 01:02 -------- d-----w- c:\documents and settings\Tyler\Application Data\Spotify
2010-06-12 18:30 . 2010-01-27 02:26 -------- d-----w- c:\program files\Steam
2010-06-11 23:36 . 2009-08-26 21:09 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-11 22:47 . 2009-08-15 13:17 -------- d-----w- c:\documents and settings\Tyler\Application Data\BitTorrent
2010-06-09 22:38 . 2009-10-15 12:57 -------- d-----w- c:\documents and settings\Tyler\Application Data\EVEMon
2010-06-09 20:06 . 2009-07-18 12:07 -------- d-----w- c:\program files\World of Warcraft
2010-06-08 21:46 . 2009-12-30 19:34 -------- d-----w- c:\documents and settings\Tyler\Application Data\FileZilla
2010-06-04 17:14 . 2009-10-06 01:26 -------- d-----w- c:\program files\Microsoft SQL Server
2010-06-04 17:09 . 2009-11-06 12:45 -------- d-----w- c:\program files\Dragon Age
2010-06-04 15:57 . 2010-03-31 07:10 -------- d-----w- c:\documents and settings\Tyler\Application Data\Unity
2010-06-03 15:04 . 2010-01-24 14:20 -------- d-----w- c:\program files\Xfire
2010-05-28 12:36 . 2009-07-30 15:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-28 12:34 . 2009-08-14 18:54 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-28 12:31 . 2009-07-18 12:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-26 15:32 . 2009-07-19 11:51 -------- d-----w- c:\program files\Turbine
2010-05-25 12:17 . 2009-07-18 12:32 -------- d-----w- c:\program files\EA GAMES
2010-05-24 21:13 . 2010-03-20 05:41 188704 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-24 20:49 . 2010-03-20 05:41 139040 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-22 20:10 . 2010-04-10 16:19 -------- d-----w- c:\program files\Heroes of Newerth
2010-05-22 07:54 . 2009-07-18 12:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-15 17:31 . 2009-08-20 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-15 17:31 . 2009-07-18 14:17 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-15 11:53 . 2009-07-18 18:07 -------- d-----w- c:\documents and settings\Tyler\Application Data\Apple Computer
2010-05-15 11:52 . 2009-07-18 18:06 -------- d-----w- c:\program files\Common Files\Apple
2010-05-09 16:58 . 2010-05-01 13:10 -------- d-----w- c:\program files\HeroOnline
2010-05-09 16:25 . 2010-05-09 16:25 -------- d-----w- c:\documents and settings\Tyler\Application Data\NVIDIA
2010-05-08 23:05 . 2010-03-05 13:43 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-08 23:04 . 2009-07-18 12:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-07 19:48 . 2009-11-28 15:56 75 ----a-w- c:\documents and settings\Tyler\jagex_runescape_preferences2.dat
2010-05-07 19:43 . 2009-07-31 22:20 41 ----a-w- c:\documents and settings\Tyler\jagex_runescape_preferences.dat
2010-05-02 00:08 . 2010-05-02 00:08 0 ----a-w- c:\documents and settings\Tyler\jagex__preferences3.dat
2010-04-30 18:35 . 2009-09-18 16:19 -------- d-----w- c:\program files\Guild Wars
2010-04-30 16:40 . 2009-09-02 12:54 -------- d-----w- c:\documents and settings\Tyler\Application Data\TeamViewer
2010-04-30 16:39 . 2009-09-02 12:54 -------- d-----w- c:\program files\TeamViewer
2010-04-30 16:33 . 2009-10-17 15:20 -------- d-----w- c:\documents and settings\Tyler\Application Data\Skype
2010-04-30 16:05 . 2009-10-17 15:21 -------- d-----w- c:\documents and settings\Tyler\Application Data\skypePM
2010-04-29 14:39 . 2009-07-18 12:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2009-07-18 12:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 10:00 . 2010-04-21 10:00 -------- d-----w- c:\program files\Bethesda Softworks
2010-04-20 17:05 . 2010-04-18 12:59 -------- d-----w- c:\program files\Diablo II
2010-04-18 13:25 . 2010-04-18 13:07 35246 ----a-w- c:\windows\DIIUnin.dat
2010-04-18 13:23 . 2010-04-18 13:08 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-04-18 13:23 . 2010-04-18 13:08 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-04-18 13:23 . 2010-04-18 13:08 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-04-18 13:07 . 2010-04-18 13:07 94208 ----a-w- c:\windows\DIIUnin.exe
2010-04-18 13:07 . 2010-04-18 13:07 2829 ----a-w- c:\windows\DIIUnin.pif
2010-04-17 20:56 . 2009-10-15 12:57 -------- d-----w- c:\program files\EVEMon
2010-04-13 13:37 . 2010-04-13 13:37 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-06 13:16 . 2009-07-18 12:24 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-29 14:59 . 2010-03-29 15:00 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-03-20 05:41 . 2010-03-20 05:41 139152 ----a-w- c:\documents and settings\Tyler\Application Data\PnkBstrK.sys
2010-03-20 05:41 . 2010-03-20 05:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-20 05:41 . 2010-03-20 05:41 2359592 ----a-w- c:\windows\system32\pbsvc_apb.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-06-07_15.33.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-12 22:20 . 2010-06-12 22:20 16384 c:\windows\Temp\Perflib_Perfdata_79c.dat
+ 2010-06-12 22:20 . 2010-06-12 22:20 16384 c:\windows\Temp\Perflib_Perfdata_17c.dat
+ 2010-06-11 22:56 . 2010-06-11 22:56 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Xna.Framework.Game\1.0.0.0__6d5c3888ef60e27d\Microsoft.Xna.Framework.Game.dll
+ 2010-06-11 23:37 . 2010-06-11 23:37 98304 c:\windows\assembly\GAC_32\Microsoft.Xna.Framework.Game\3.1.0.0__6d5c3888ef60e27d\Microsoft.Xna.Framework.Game.dll
+ 2010-06-11 23:39 . 2010-06-11 23:39 5430 c:\windows\Installer\{BC90276B-BE38-451C-8E4D-FF28FF08ABF6}\_97FD91C37354ACBFB8109E.exe
+ 2010-06-11 23:39 . 2010-06-11 23:39 5430 c:\windows\Installer\{BC90276B-BE38-451C-8E4D-FF28FF08ABF6}\_6FEFF9B68218417F98F549.exe
+ 2010-06-11 23:39 . 2010-06-11 23:39 5430 c:\windows\Installer\{BC90276B-BE38-451C-8E4D-FF28FF08ABF6}\_03FE117FC2F9340045654C.exe
+ 2010-06-08 00:06 . 2010-06-08 00:06 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
+ 2010-06-11 23:37 . 2010-06-11 23:37 892416 c:\windows\Installer\51a62c.msi
+ 2010-06-11 22:57 . 2010-06-11 22:57 747008 c:\windows\Installer\2ceb95.msi
+ 2010-06-11 22:56 . 2010-06-11 22:56 700416 c:\windows\assembly\GAC_32\Microsoft.Xna.Framework\1.0.0.0__6d5c3888ef60e27d\Microsoft.Xna.Framework.dll
+ 2010-01-27 01:07 . 2010-06-08 00:06 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-06-11 23:39 . 2010-06-11 23:39 1059840 c:\windows\Installer\51a630.msi
+ 2010-06-11 23:37 . 2010-06-11 23:37 1034752 c:\windows\assembly\GAC_32\Microsoft.Xna.Framework\3.1.0.0__6d5c3888ef60e27d\Microsoft.Xna.Framework.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"igndlm.exe"="c:\program files\Download Manager\dlm.exe" [2009-05-14 1103216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"LiveZilla"="c:\program files\LiveZilla\LiveZilla.exe" [2009-12-28 2656808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-13 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-13 110696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]

c:\documents and settings\Tyler\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-5-28 3493264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Thomson\\ST330\\service\\st330service.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
"c:\\Program Files\\Dragon Age\\tools\\DragonAgeToolset.exe"=
"c:\\Program Files\\Dragon Age\\tools\\RPU.exe"=
"c:\\Program Files\\Dragon Age\\tools\\lightmapper\\eclipseRay.exe"=
"c:\\Program Files\\Dragon Age\\tools\\GffEditor.exe"=
"c:\\Program Files\\Dragon Age\\tools\\ErfEditor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\global agenda live\\Binaries\\GlobalAgenda.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5369:TCP"= 5369:TCP:hbyxanp

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/14/2009 10:48 AM 721904]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/19/2009 3:01 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/19/2009 3:01 PM 20560]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [12/24/2009 3:08 PM 66048]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/25/2008 5:31 AM 29263712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2010 2:38 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/18/2009 3:14 PM 1684736]
S3 cpuz130;cpuz130;\??\c:\docume~1\Tyler\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Tyler\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [11/4/2009 3:07 PM 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [11/4/2009 3:07 PM 218608]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [9/3/2009 8:28 PM 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [9/3/2009 8:28 PM 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [9/3/2009 8:28 PM 40320]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 13:38]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 13:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
FF - ProfilePath - c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - c:\\Documents and Settings\\Tyler\\My Documents\\homepage.html
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - component: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\Tyler\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 23:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\documents and settings\Tyler\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1715567821-884357618-839522115-1003\6a97f5eba4ec770afec0a8c0e36128a5_c0182b99-976b-46a8-8844-bc2c87d358a6 1310 bytes
c:\documents and settings\Tyler\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1715567821-884357618-839522115-1003\ee609c5df99eae0e94b2ccd6210ff107_c0182b99-976b-46a8-8844-bc2c87d358a6 1310 bytes

scan completed successfully
hidden files: 2

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AB061F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e66cb8
\Driver\atapi -> atapi.sys @ 0xb7dfbb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xb7cdfbb0
PacketIndicateHandler -> NDIS.sys @ 0xb7ccea0d
SendHandler -> NDIS.sys @ 0xb7ce2b40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2476)
c:\program files\Xfire\xfire_toucan_42784.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Thomson\ST330\service\st330service.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-06-12 23:27:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-12 22:27
ComboFix2.txt 2010-06-07 15:35

Pre-Run: 34,220,912,640 bytes free
Post-Run: 34,171,633,664 bytes free

- - End Of File - - 6975BAADEE976499906F76DC6180AC1B

Old 13th June 2010   #8
Malware Analyst
 
broni's Avatar
 
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 19,790
Computer Experience:
intermediate

How is your access to security sites?

Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When scan is completed, click Save button, and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

Old 13th June 2010   #9
Inactive
THREAD STARTER
 
Profile:
Join Date: Jun 2010
Posts: 14
Computer Experience:
Intermediate
Edis Reputation Level

I can access Microsoft & all security sites now.

Oddly I just got a BSOD after scanning for half an hour or so with GMER. I'll try again.

Old 13th June 2010   #10
Inactive
THREAD STARTER
 
Profile:
Join Date: Jun 2010
Posts: 14
Computer Experience:
Intermediate
Edis Reputation Level

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-13 13:42:16
Windows 5.1.2600 Service Pack 3
Running: ymc557bh.exe; Driver: C:\DOCUME~1\Tyler\LOCALS~1\Temp\kgriykow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA73756B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA7375574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA7375A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA737514C]
SSDT spdh.sys ZwEnumerateKey [0xB7EC5CA4]
SSDT spdh.sys ZwEnumerateValueKey [0xB7EC6032]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA737564E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA737508C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA73750F0]
SSDT spdh.sys ZwQueryKey [0xB7EC610A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA737576E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA737572E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA73758AE]

INT 0x62 ? 8AB06BF8
INT 0x63 ? 8AB09BF8
INT 0x73 ? 8AB09BF8
INT 0x73 ? 8AB05BF8
INT 0x73 ? 8AB09BF8
INT 0xB4 ? 8AB09BF8

---- Kernel code sections - GMER 1.0.15 ----

? spdh.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB535B380, 0x566445, 0xE8000020]
.text USBPORT.SYS!DllUnload B533B8AC 5 Bytes JMP 8AB051D8
.text arwapgma.SYS B51B6386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text arwapgma.SYS B51B63AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text arwapgma.SYS B51B63C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text arwapgma.SYS B51B63C9 1 Byte [30]
.text arwapgma.SYS B51B63C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spdh.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spdh.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spdh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spdh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spdh.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB7E9C] spdh.sys
IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\arwapgma.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\arwapgma.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AB041F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 8A8711F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AA971F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AA971F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AA971F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AA971F8
Device \Driver\usbehci \Device\USBPDO-1 8A8641F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8AB071F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{FA37623B-E904-4FD6-B27E-3FF210407A7C} 8A704500
Device \Driver\sptd \Device\2893494918 spdh.sys
Device \Driver\Cdrom \Device\CdRom0 8A8571F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AB071F8
Device \Driver\Cdrom \Device\CdRom1 8A8571F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\usbstor \Device\00000076 8A711500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A704500
Device \Driver\NetBT \Device\NetBT_Tcpip_{BA03CBA6-B98C-488B-9674-8B6B6A94186B} 8A704500
Device \Driver\NetBT \Device\NetbiosSmb 8A704500
Device \Driver\PCI_PNP9918 \Device\0000004e spdh.sys

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 8A8711F8
Device \Driver\usbehci \Device\USBFDO-1 8A8641F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 888F01F8
Device \Driver\usbstor \Device\0000007b 8A711500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 888F01F8
Device \Driver\usbstor \Device\0000007c 8A711500
Device \Driver\usbstor \Device\0000007d 8A711500
Device \Driver\Ftdisk \Device\FtControl 8AB071F8
Device \Driver\usbstor \Device\0000007e 8A711500
Device \Driver\arwapgma \Device\Scsi\arwapgma1 8A8401F8
Device \Driver\arwapgma \Device\Scsi\arwapgma1Port5Path0Target0Lun0 8A8401F8
Device \Driver\nvgts \Device\Scsi\nvgts1Port2Path0Target0Lun0 8AA961F8
Device \Driver\nvgts \Device\Scsi\nvgts1 8AA961F8
Device \Driver\nvgts \Device\Scsi\nvgts2 8AA961F8
Device \Driver\nvgts \Device\Scsi\nvgts3 8AA961F8
Device \FileSystem\Cdfs \Cdfs 888911F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8A 0xEA 0x32 0x0B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBE 0x0C 0xA3 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x09 0xE2 0x9D 0x65 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8A 0xEA 0x32 0x0B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBE 0x0C 0xA3 0xBC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x09 0xE2 0x9D 0x65 ...

---- EOF - GMER 1.0.15 ----

Old 13th June 2010   #11
Malware Analyst
 
broni's Avatar
 
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 19,790
Computer Experience:
intermediate

Delete your Combofix file, download new one, run it and post fresh log.

Old 14th June 2010   #12
Inactive
THREAD STARTER
 
Profile:
Join Date: Jun 2010
Posts: 14
Computer Experience:
Intermediate
Edis Reputation Level

The log was far too long (~218k characters) to post, so I omitted the "snapshot" section, which seemed to be listing every single DLL on my machine.

ComboFix 10-06-13.04 - Tyler 14/06/2010 13:26:53.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2814.2298 [GMT 1:00]
Running from: c:\documents and settings\Tyler\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100227-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))
.

2010-06-13 16:40 . 2010-06-13 16:40 285680 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1715567821-884357618-839522115-1003-0.dat
2010-06-13 16:40 . 2010-06-13 16:40 249274 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2010-06-13 13:42 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-06-13 13:42 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-06-13 13:41 . 2010-06-13 13:41 -------- d-----w- c:\windows\system32\RsFx
2010-06-13 13:38 . 2010-06-13 13:38 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-06-13 13:38 . 2010-06-13 13:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-13 13:37 . 2010-06-13 13:44 188128 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2010-06-13 13:36 . 2010-06-13 13:36 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-06-13 13:36 . 2010-06-13 13:43 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-06-11 23:38 . 2010-06-11 23:38 -------- d-----w- c:\program files\Stunlock Studios
2010-06-11 23:37 . 2010-06-11 23:37 -------- d-----w- c:\program files\Microsoft XNA
2010-06-07 11:15 . 2010-06-07 11:15 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Rawr
2010-06-04 17:28 . 2010-06-04 17:28 -------- d-----w- c:\documents and settings\Tyler\Application Data\Dragon Age Toolset
2010-06-04 17:12 . 2010-06-04 17:12 -------- d-----w- c:\program files\MSXML 6.0
2010-06-04 17:10 . 2010-06-04 17:15 -------- d-----w- c:\program files\DAODB
2010-06-04 15:56 . 2010-06-04 15:57 -------- d-----w- c:\documents and settings\Tyler\Application Data\PACE Anti-Piracy
2010-06-04 15:56 . 2010-06-04 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-06-04 15:56 . 2010-06-04 15:56 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-06-04 15:56 . 2010-06-04 15:56 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\PACE Anti-Piracy
2010-06-04 15:54 . 2010-06-04 15:54 -------- d-----w- c:\program files\Unity
2010-05-28 14:53 . 2010-05-28 14:53 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\EveMeep_Updater
2010-05-28 12:19 . 2010-05-28 12:19 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Threat Expert
2010-05-28 11:13 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-28 11:13 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-28 11:13 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-28 11:13 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-05-28 11:13 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-28 11:13 . 2010-05-28 11:13 -------- d-----w- c:\documents and settings\Tyler\Application Data\Simply Super Software
2010-05-28 11:13 . 2010-05-28 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-27 19:41 . 2010-05-27 19:41 503808 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f9f018e-n\msvcp71.dll
2010-05-27 19:41 . 2010-05-27 19:41 499712 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f9f018e-n\jmc.dll
2010-05-27 19:41 . 2010-05-27 19:41 348160 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f9f018e-n\msvcr71.dll
2010-05-27 19:41 . 2010-05-27 19:41 61440 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-714c64ad-n\decora-sse.dll
2010-05-27 19:41 . 2010-05-27 19:41 12800 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-714c64ad-n\decora-d3d.dll
2010-05-27 18:08 . 2010-05-27 18:08 -------- d-----w- c:\documents and settings\Tyler\Application Data\teamspeak2
2010-05-27 18:08 . 2010-05-27 18:08 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-05-27 18:03 . 2010-05-27 18:03 -------- d-----w- c:\documents and settings\Tyler\Application Data\TS3Client
2010-05-27 13:43 . 2010-05-27 13:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-27 13:38 . 2010-05-27 13:39 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Temp
2010-05-27 13:38 . 2010-05-27 13:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-27 13:38 . 2010-05-27 13:40 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Google
2010-05-27 13:38 . 2010-05-27 13:39 -------- d-----w- c:\program files\Google
2010-05-26 15:12 . 2010-05-26 15:12 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\EveMeep3
2010-05-26 15:12 . 2010-05-26 15:12 99678 ----a-r- c:\documents and settings\Tyler\Application Data\Microsoft\Installer\{95834A16-084B-4409-B78C-750B15702CFA}\_E9899D3A52B54A6415E79F.exe
2010-05-26 15:12 . 2010-05-26 15:12 99678 ----a-r- c:\documents and settings\Tyler\Application Data\Microsoft\Installer\{95834A16-084B-4409-B78C-750B15702CFA}\_D0D7B2C4BE083D47D3E75D.exe
2010-05-26 15:12 . 2010-05-26 15:12 -------- d-----w- c:\program files\Eve-MEEP
2010-05-26 11:07 . 2010-05-26 11:07 -------- d-sh--w- c:\documents and settings\Tyler\PrivacIE
2010-05-25 12:39 . 2010-05-25 12:39 4096 ----a-w- c:\windows\d3dx.dat
2010-05-25 12:24 . 2010-05-25 12:24 -------- d-----w- c:\program files\PlayOnline
2010-05-25 12:24 . 2010-05-25 12:24 -------- d-----w- c:\program files\Common Files\PlayOnline
2010-05-22 19:55 . 2010-05-22 19:55 48388 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-05-22 18:30 . 2010-05-28 21:41 -------- d-----w- c:\program files\PKR
2010-05-20 15:39 . 2010-05-20 15:39 -------- d-----w- c:\documents and settings\Tyler\.GalleryRemote
2010-05-17 11:01 . 2010-05-17 11:01 315392 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\cache\6.0\16\1791ad0-229c9843-n\jogl.dll
2010-05-17 11:01 . 2010-05-17 11:01 20480 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\cache\6.0\16\1791ad0-229c9843-n\jogl_awt.dll
2010-05-17 11:01 . 2010-05-17 11:01 114688 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\cache\6.0\16\1791ad0-229c9843-n\jogl_cg.dll
2010-05-15 17:27 . 2010-05-22 19:55 -------- d-----w- c:\program files\StarCraft II Beta
2010-05-15 17:25 . 2010-05-15 17:25 -------- d-sh--w- c:\documents and settings\Tyler\IETldCache
2010-05-15 17:25 . 2010-05-15 17:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-15 15:56 . 2010-05-15 15:56 -------- d-----w- c:\program files\SC2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 12:20 . 2010-01-24 14:20 -------- d-----w- c:\documents and settings\Tyler\Application Data\Xfire
2010-06-14 11:40 . 2010-01-27 02:26 -------- d-----w- c:\program files\Steam
2010-06-14 11:13 . 2010-01-07 01:02 -------- d-----w- c:\documents and settings\Tyler\Application Data\Spotify
2010-06-13 13:41 . 2009-10-06 01:26 -------- d-----w- c:\program files\Microsoft SQL Server
2010-06-13 13:01 . 2009-07-18 12:07 -------- d-----w- c:\program files\World of Warcraft
2010-06-11 23:36 . 2009-08-26 21:09 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-11 22:47 . 2009-08-15 13:17 -------- d-----w- c:\documents and settings\Tyler\Application Data\BitTorrent
2010-06-09 22:38 . 2009-10-15 12:57 -------- d-----w- c:\documents and settings\Tyler\Application Data\EVEMon
2010-06-09 00:27 . 2010-02-11 22:05 1 ----a-w- c:\documents and settings\Tyler\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-08 21:46 . 2009-12-30 19:34 -------- d-----w- c:\documents and settings\Tyler\Application Data\FileZilla
2010-06-04 17:09 . 2009-11-06 12:45 -------- d-----w- c:\program files\Dragon Age
2010-06-04 15:57 . 2010-03-31 07:10 -------- d-----w- c:\documents and settings\Tyler\Application Data\Unity
2010-06-03 15:04 . 2010-01-24 14:20 -------- d-----w- c:\program files\Xfire
2010-05-29 08:58 . 2010-05-15 12:03 -------- d-----w- c:\program files\Yahoo!
2010-05-28 12:36 . 2010-05-15 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-28 12:36 . 2009-07-30 15:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-28 12:34 . 2009-08-14 18:54 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-28 12:31 . 2009-07-18 12:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-26 15:32 . 2009-07-19 11:51 -------- d-----w- c:\program files\Turbine
2010-05-25 12:17 . 2009-07-18 12:32 -------- d-----w- c:\program files\EA GAMES
2010-05-24 21:13 . 2010-03-20 05:41 188704 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-24 20:49 . 2010-03-20 05:41 139040 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-22 20:10 . 2010-04-10 16:19 -------- d-----w- c:\program files\Heroes of Newerth
2010-05-22 07:54 . 2009-07-18 12:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-15 17:31 . 2009-08-20 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-15 17:31 . 2009-07-18 14:17 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-15 12:03 . 2010-05-15 12:03 -------- d-----w- c:\documents and settings\Tyler\Application Data\Yahoo!
2010-05-15 11:53 . 2010-05-15 11:53 25808 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-15 11:53 . 2009-07-18 18:07 -------- d-----w- c:\documents and settings\Tyler\Application Data\Apple Computer
2010-05-15 11:53 . 2010-05-15 11:53 -------- d-----w- c:\program files\Safari
2010-05-15 11:52 . 2009-07-18 18:06 -------- d-----w- c:\program files\Common Files\Apple
2010-05-15 11:49 . 2010-05-15 11:49 -------- d-----w- c:\program files\Opera
2010-05-12 21:34 . 2010-05-12 21:34 655360 ----a-w- c:\documents and settings\Tyler\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-12 21:34 . 2010-05-12 21:34 282624 ----a-w- c:\documents and settings\Tyler\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-12 21:34 . 2010-05-12 21:34 208896 ----a-w- c:\documents and settings\Tyler\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-09 16:58 . 2010-05-01 13:10 -------- d-----w- c:\program files\HeroOnline
2010-05-09 16:25 . 2010-05-09 16:25 -------- d-----w- c:\documents and settings\Tyler\Application Data\NVIDIA
2010-05-08 23:05 . 2010-03-05 13:43 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-08 23:04 . 2009-07-18 12:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-07 19:48 . 2009-11-28 15:56 75 ----a-w- c:\documents and settings\Tyler\jagex_runescape_preferences2.dat
2010-05-07 19:43 . 2009-07-31 22:20 41 ----a-w- c:\documents and settings\Tyler\jagex_runescape_preferences.dat
2010-05-02 00:08 . 2010-05-02 00:08 0 ----a-w- c:\documents and settings\Tyler\jagex__preferences3.dat
2010-04-30 18:35 . 2009-09-18 16:19 -------- d-----w- c:\program files\Guild Wars
2010-04-30 16:40 . 2009-09-02 12:54 -------- d-----w- c:\documents and settings\Tyler\Application Data\TeamViewer
2010-04-30 16:39 . 2009-09-02 12:54 -------- d-----w- c:\program files\TeamViewer
2010-04-30 16:33 . 2009-10-17 15:20 -------- d-----w- c:\documents and settings\Tyler\Application Data\Skype
2010-04-30 16:05 . 2009-10-17 15:21 -------- d-----w- c:\documents and settings\Tyler\Application Data\skypePM
2010-04-29 14:39 . 2009-07-18 12:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2009-07-18 12:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 10:00 . 2010-04-21 10:00 -------- d-----w- c:\program files\Bethesda Softworks
2010-04-20 17:05 . 2010-04-18 12:59 -------- d-----w- c:\program files\Diablo II
2010-04-18 13:25 . 2010-04-18 13:07 35246 ----a-w- c:\windows\DIIUnin.dat
2010-04-18 13:23 . 2010-04-18 13:08 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-04-18 13:23 . 2010-04-18 13:08 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-04-18 13:23 . 2010-04-18 13:08 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-04-18 13:07 . 2010-04-18 13:07 94208 ----a-w- c:\windows\DIIUnin.exe
2010-04-18 13:07 . 2010-04-18 13:07 2829 ----a-w- c:\windows\DIIUnin.pif
2010-04-17 20:56 . 2009-10-15 12:57 -------- d-----w- c:\program files\EVEMon
2010-04-13 13:37 . 2010-04-13 13:37 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-06 13:16 . 2009-07-18 12:24 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-29 14:59 . 2010-03-29 15:00 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-03-20 05:41 . 2010-03-20 05:41 139152 ----a-w- c:\documents and settings\Tyler\Application Data\PnkBstrK.sys
2010-03-20 05:41 . 2010-03-20 05:41 139152 ----a-w- c:\documents and settings\Tyler\Application Data\PnkBstrK.sys
2010-03-20 05:41 . 2010-03-20 05:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-20 05:41 . 2010-03-20 05:41 2359592 ----a-w- c:\windows\system32\pbsvc_apb.exe
2010-03-18 15:47 . 2010-03-18 15:47 17760 ----a-w- c:\windows\system32\aspnet_counters.dll
2010-03-18 12:16 . 2010-03-18 12:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 12:16 . 2010-03-18 12:16 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-03-18 12:16 . 2010-03-18 12:16 486216 ----a-w- c:\windows\system32\evr.dll
2010-03-18 09:09 . 2010-03-18 09:09 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-18 09:09 . 2010-03-18 09:09 49488 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-18 09:09 . 2010-03-18 09:09 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-03-18 09:09 . 2010-03-18 09:09 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-18 08:15 . 2010-03-18 08:15 80720 ----a-w- c:\windows\system32\mfcm100u.dll
2010-03-18 08:15 . 2010-03-18 08:15 80208 ----a-w- c:\windows\system32\mfcm100.dll
2010-03-18 08:15 . 2010-03-18 08:15 770384 ----a-w- c:\windows\system32\msvcr100.dll
2010-03-18 08:15 . 2010-03-18 08:15 4368720 ----a-w- c:\windows\system32\mfc100u.dll
2010-03-18 08:15 . 2010-03-18 08:15 4342088 ----a-w- c:\windows\system32\mfc100.dll
2010-03-18 08:15 . 2010-03-18 08:15 421200 ----a-w- c:\windows\system32\msvcp100.dll
2010-03-18 08:15 . 2010-03-18 08:15 138056 ----a-w- c:\windows\system32\atl100.dll
.


.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"igndlm.exe"="c:\program files\Download Manager\dlm.exe" [2009-05-14 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"LiveZilla"="c:\program files\LiveZilla\LiveZilla.exe" [2009-12-28 2656808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-13 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-13 110696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]

c:\documents and settings\Tyler\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-5-28 3493264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Thomson\\ST330\\service\\st330service.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
"c:\\Program Files\\Dragon Age\\tools\\DragonAgeToolset.exe"=
"c:\\Program Files\\Dragon Age\\tools\\RPU.exe"=
"c:\\Program Files\\Dragon Age\\tools\\lightmapper\\eclipseRay.exe"=
"c:\\Program Files\\Dragon Age\\tools\\GffEditor.exe"=
"c:\\Program Files\\Dragon Age\\tools\\ErfEditor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\global agenda live\\Binaries\\GlobalAgenda.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5369:TCP"= 5369:TCP:hbyxanp

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/19/2009 3:01 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/19/2009 3:01 PM 20560]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [12/24/2009 3:08 PM 66048]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/25/2008 5:31 AM 29263712]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/14/2009 10:48 AM 721904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2010 2:38 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/18/2009 3:14 PM 1684736]
S3 cpuz130;cpuz130;\??\c:\docume~1\Tyler\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Tyler\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [11/4/2009 3:07 PM 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [11/4/2009 3:07 PM 218608]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [9/3/2009 8:28 PM 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [9/3/2009 8:28 PM 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [9/3/2009 8:28 PM 40320]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/23/2009 4:08 AM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 13:38]

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 13:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
FF - ProfilePath - c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - c:\\Documents and Settings\\Tyler\\My Documents\\homepage.html
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - component: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\Tyler\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-14 13:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
.
Completion time: 2010-06-14 13:35:13
ComboFix-quarantined-files.txt 2010-06-14 12:34
ComboFix2.txt 2010-06-12 22:27
ComboFix3.txt 2010-06-07 15:35

Pre-Run: 32,456,540,160 bytes free
Post-Run: 32,513,605,632 bytes free

- - End Of File - - 19113009B0C8B9A7F2E3145047ABD1E5

Old 15th June 2010   #13
broni (Malware Analyst)

Good

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

==============================================================

Update your Malwarebytes, run it and post the log.

================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Old 15th June 2010   #14
Edis (THREAD STARTER)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4199

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/06/2010 12:36:18
mbam-log-2010-06-15 (12-36-18).txt

Scan type: Quick scan
Objects scanned: 122714
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

========================================================
OTL.txt

OTL logfile created on: 15/06/2010 12:37:56 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Tyler\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.90 Gb Total Space | 30.39 Gb Free Space | 13.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TYLERMAINPC
Current User Name: Tyler
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/15 12:33:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler\Desktop\OTL.exe
PRC - [2010/05/12 22:34:48 | 004,210,544 | ---- | M] (Spotify Ltd) -- C:\Program Files\Spotify\spotify.exe
PRC - [2010/01/11 16:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/09/03 20:28:37 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\ST330\service\st330service.exe
PRC - [2009/03/30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/25 05:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/10 08:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


========== Modules (SafeList) ==========

MOD - [2010/06/15 12:33:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/24 16:30:20 | 000,271,856 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)
SRV - [2010/05/24 16:30:20 | 000,218,608 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/03 15:37:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/09/03 20:28:37 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) [Auto | Running] -- C:\Program Files\Thomson\ST330\service\st330service.exe -- (st330service)
SRV - [2009/07/23 04:08:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2009/06/29 21:21:52 | 003,110,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/03/30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008/11/25 05:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
SRV - [2008/11/25 05:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/04/13 20:20:32 | 010,232,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/11/25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/17 20:51:38 | 005,956,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/09/15 12:56:14 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/09/15 12:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 12:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/03 20:28:37 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\steth.sys -- (STETH)
DRV - [2009/09/03 20:28:37 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)
DRV - [2009/09/03 20:28:37 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)
DRV - [2009/08/14 10:48:25 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/06/01 14:51:54 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/02/25 18:55:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008/11/12 16:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/08/01 10:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 10:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "C:\\Documents and Settings\\Tyler\\My Documents\\homepage.html"
FF - prefs.js..extensions.enabledItems: iaplayer@instantaction.com:0.4.1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.20
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/14 14:04:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 10:11:51 | 000,000,000 | ---D | M]

[2009/07/18 13:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Extensions
[2010/06/10 13:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions
[2010/01/24 15:21:06 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2009/07/20 17:29:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/19 23:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\iaplayer@instantaction.com
[2010/02/14 04:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\yyginstantplay@yoyogames.com
[2009/08/15 16:18:53 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\searchplugins\ask.xml
[2010/06/14 14:24:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/12 23:20:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [LiveZilla] C:\Program Files\LiveZilla\LiveZilla.exe (LiveZilla GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24\RivaTuner.exe ()
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\dlm.exe (IGN Entertainment)
O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.DLL (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Tyler\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Tyler\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary...r.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary...r.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/18 12:59:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/07/18 13:42:00 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/15 12:33:13 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tyler\Desktop\OTL.exe
[2010/06/13 14:41:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2010/06/13 14:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/06/13 14:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/13 14:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\Visual Studio 2010
[2010/06/13 14:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2010/06/13 14:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2010/06/12 00:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Stunlock Studios
[2010/06/12 00:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2010/06/07 16:26:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/07 16:21:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/07 12:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Rawr
[2010/06/04 18:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Dragon Age Toolset
[2010/06/04 18:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/06/04 18:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\DAODB
[2010/06/04 17:53:35 | 519,845,360 | ---- | C] (BioWare) -- C:\Documents and Settings\Tyler\Desktop\DragonAgeToolset1.01Setup.exe
[2010/06/04 17:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\Unity_TEST
[2010/06/04 16:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
[2010/06/04 16:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\PACE Anti-Piracy
[2010/06/04 16:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\PACE Anti-Piracy
[2010/06/04 16:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2010/06/04 16:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Unity Projects
[2010/06/04 16:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
[2010/06/04 16:49:46 | 170,919,512 | ---- | C] (Unity Technologies ApS) -- C:\Documents and Settings\Tyler\Desktop\UnitySetup-2.6.1.exe
[2010/05/29 17:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\stl
[2010/05/29 15:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\wp1
[2010/05/28 15:58:49 | 000,558,592 | ---- | C] (Bome) -- C:\Documents and Settings\Tyler\Desktop\Core_1_0_0_2.dll
[2010/05/28 15:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\EveMeep_Updater
[2010/05/28 13:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Threat Expert
[2010/05/28 12:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\livebackup
[2010/05/28 12:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\Simply Super Software
[2010/05/28 12:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Simply Super Software
[2010/05/28 12:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/05/27 19:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\teamspeak2
[2010/05/27 19:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Teamspeak2_RC2
[2010/05/27 19:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\TS3Client
[2010/05/27 14:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/05/27 14:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Google
[2010/05/27 14:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Temp
[2010/05/27 14:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/05/27 14:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/27 14:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Google
[2010/05/27 11:20:32 | 003,281,501 | ---- | C] (battleclinic.com) -- C:\Documents and Settings\Tyler\Desktop\EVEMon-install-1.3.1.2138.exe
[2010/05/26 20:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\Dungeons and Dragons Online
[2010/05/26 16:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\EveMeep3
[2010/05/26 16:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Eve-MEEP
[2010/05/26 16:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\EVEMEEP_3_0_0_1
[2010/05/26 12:07:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tyler\PrivacIE
[2010/05/25 13:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\PlayOnline
[2010/05/25 13:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PlayOnline
[2010/05/22 19:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\PKR
[2010/05/20 16:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\.GalleryRemote
[2010/05/15 18:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Beta
[2010/05/15 18:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\StarCraft II Beta
[2010/05/15 18:25:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tyler\IETldCache
[2010/05/15 18:02:27 | 037,517,128 | ---- | C] (Realtime Worlds, Inc.) -- C:\Documents and Settings\Tyler\Desktop\APB.exe
[2010/05/15 16:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\SC2
[2010/05/15 13:04:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Yahoo
[2010/05/15 13:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/05/15 13:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Yahoo!
[2010/05/15 13:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/05/15 13:03:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/05/15 13:03:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/15 12:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/05/15 12:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Opera
[2010/05/15 12:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Opera
[2010/05/15 12:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/05/14 13:02:10 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Documents and Settings\Tyler\Desktop\putty.exe
[2010/05/14 12:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\.sshterm
[2010/05/14 12:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\.ssh
[2010/05/09 17:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\NVIDIA
[2010/05/09 12:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\secondimgea
[2010/05/07 12:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\DigiCertSSL_certs
[2010/05/06 13:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\My Scans
[2010/05/06 13:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\My Albums
[2010/05/01 14:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\HeroOnline
[2010/04/21 12:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\PSD Archive
[2010/04/21 12:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\APB Screenshots
[2010/04/21 12:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\HardcoreCasuals
[2010/04/21 11:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2010/04/21 10:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Oblivion
[2010/04/21 10:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\My Games
[2010/04/20 23:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\polihost.co.uk SSL
[2010/04/18 14:07:56 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2010/04/18 13:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2010/04/17 15:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\diablo2
[2010/04/17 15:37:59 | 002,756,664 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\Tyler\Desktop\Downloader_Diablo2_enGB.exe
[2010/04/10 17:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth
[2010/04/10 17:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\honakcup
[2010/04/07 22:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\mIRC
[2010/04/05 15:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Ubisoft
[2010/04/02 16:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/02 16:46:47 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Tyler\Desktop\HJTInstall.exe
[2010/03/31 08:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Unity
[2010/03/31 08:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Unity
[2010/03/31 08:08:48 | 003,249,480 | ---- | C] (Unity Technologies ApS) -- C:\Documents and Settings\Tyler\Desktop\UnityWebPlayer.exe
[2010/03/29 16:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\resources0
[2010/03/21 20:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\PunkBuster
[2010/03/20 03:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Realtime Worlds
[2010/03/20 02:45:59 | 075,968,560 | ---- | C] (Realtime Worlds) -- C:\Documents and Settings\Tyler\Desktop\APB_Beta-EU_Installer.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/15 12:33:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler\Desktop\OTL.exe
[2010/06/15 11:51:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/15 11:50:21 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/15 11:50:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/15 11:50:04 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/06/15 11:49:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/15 11:48:58 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Tyler\NTUSER.DAT
[2010/06/15 11:48:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tyler\ntuser.ini
[2010/06/15 11:43:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/14 13:33:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/13 14:42:38 | 000,757,684 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/13 14:42:38 | 000,613,978 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/13 14:42:38 | 000,129,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/13 14:32:20 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/06/13 11:35:36 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\ymc557bh.exe
[2010/06/12 23:20:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/12 13:12:52 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\dds.scr
[2010/06/12 00:39:07 | 000,002,098 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bloodline Champions.lnk
[2010/06/09 15:10:07 | 000,876,464 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\tyranny2.jpg
[2010/06/09 15:01:40 | 000,282,359 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\tyranny.jpg
[2010/06/08 22:44:54 | 000,002,664 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text25.png
[2010/06/08 22:43:59 | 000,045,053 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text25.psd
[2010/06/08 22:34:30 | 000,051,120 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\sindra25.jpg
[2010/06/07 16:26:19 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/04 18:05:10 | 519,845,360 | ---- | M] (BioWare) -- C:\Documents and Settings\Tyler\Desktop\DragonAgeToolset1.01Setup.exe
[2010/06/04 17:44:58 | 000,002,435 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Eve-MEEPv3.lnk
[2010/06/04 16:55:14 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Unity.lnk
[2010/06/04 16:53:26 | 170,919,512 | ---- | M] (Unity Technologies ApS) -- C:\Documents and Settings\Tyler\Desktop\UnitySetup-2.6.1.exe
[2010/06/02 18:30:58 | 000,132,386 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\nh3.jpg
[2010/06/02 18:30:51 | 000,129,662 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\nh2.jpg
[2010/06/02 18:30:45 | 000,117,614 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\nh1.jpg
[2010/06/02 16:37:53 | 008,992,824 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch154366-156690_m.exe
[2010/06/02 14:57:51 | 000,646,640 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\weird hair.psd
[2010/06/01 15:15:14 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\CV_Tyler_Crammond.doc
[2010/06/01 15:14:18 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\Tyler\My Documents\.~lock.CV_Tyler_Hunter_Crammond_RT.rtf#
[2010/06/01 15:10:32 | 000,022,202 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\CV_Tyler_Hunter_Crammond.odt
[2010/06/01 15:09:41 | 000,022,201 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\CV.odt
[2010/05/30 20:16:30 | 000,340,618 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\3574724.htm
[2010/05/28 15:58:49 | 000,558,592 | ---- | M] (Bome) -- C:\Documents and Settings\Tyler\Desktop\Core_1_0_0_2.dll
[2010/05/28 01:09:00 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/05/27 23:14:03 | 000,355,352 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\EVE_Master_Sheet.ods
[2010/05/27 22:50:19 | 000,056,183 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\tansdecline.jpg
[2010/05/27 19:08:15 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Teamspeak 2 RC2.lnk
[2010/05/27 17:11:32 | 000,001,090 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Shortcut to TurbineLauncher.lnk
[2010/05/27 14:49:31 | 002,121,216 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\EVE_Master_Sheet.xls
[2010/05/27 14:40:01 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/27 11:20:52 | 003,281,501 | ---- | M] (battleclinic.com) -- C:\Documents and Settings\Tyler\Desktop\EVEMon-install-1.3.1.2138.exe
[2010/05/26 21:59:32 | 307,361,920 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch127381-154366_m.exe
[2010/05/25 13:39:06 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2010/05/25 13:32:33 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\FINAL FANTASY XI.lnk
[2010/05/25 13:25:24 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\PlayOnline.lnk
[2010/05/24 22:13:30 | 000,188,704 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/05/24 21:49:41 | 000,139,040 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/05/24 18:10:12 | 006,833,632 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\xfire_installer_42654.exe
[2010/05/22 19:30:06 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Play PKR.lnk
[2010/05/22 08:54:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/19 19:37:39 | 000,176,456 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\m_fb copy.bmp
[2010/05/19 18:54:51 | 005,856,417 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\m_fb.psd
[2010/05/19 10:40:20 | 000,034,806 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Myrtle 19 May.gif
[2010/05/18 23:44:00 | 000,741,217 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\pedomobile.png
[2010/05/17 19:08:15 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Tyler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/17 17:06:58 | 000,014,805 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Tower Range.honmod
[2010/05/17 11:12:36 | 000,008,629 | ---- | M] () -- C:\sitemap.xml
[2010/05/15 18:31:04 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
[2010/05/15 18:24:10 | 000,001,357 | ---- | M] () -- C:\Documents and Settings\Tyler\Application Data\MPQEditor.ini
[2010/05/15 14:45:58 | 000,083,204 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\email-icons-thumb.psd
[2010/05/15 13:03:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/15 12:53:21 | 000,025,808 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/15 12:49:52 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/05/14 22:17:53 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010/05/14 22:17:53 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/05/14 16:04:32 | 000,001,027 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ccross.png
[2010/05/14 16:04:19 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ctick.png
[2010/05/14 13:24:47 | 000,006,818 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\cpbox1.html
[2010/05/14 13:17:58 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Tyler\Local Settings\Application Data\PUTTY.RND
[2010/05/14 13:02:10 | 000,454,656 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\Tyler\Desktop\putty.exe
[2010/05/12 15:02:26 | 037,517,128 | ---- | M] (Realtime Worlds, Inc.) -- C:\Documents and Settings\Tyler\Desktop\APB.exe
[2010/05/08 19:26:42 | 000,311,230 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\epgp viewer.zip
[2010/05/07 20:48:36 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Tyler\jagex_runescape_preferences2.dat
[2010/05/07 20:43:30 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Tyler\jagex_runescape_preferences.dat
[2010/05/07 11:33:39 | 000,326,378 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\PP_Scan.jpg
[2010/05/06 14:14:25 | 000,365,214 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\N2_Scan.jpg
[2010/05/06 14:07:09 | 000,407,172 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\N_Scan.jpg
[2010/05/06 13:52:05 | 000,709,959 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\Cscan.jpg
[2010/05/06 13:46:57 | 000,735,959 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\Passport_Scan.jpg
[2010/05/05 23:51:27 | 000,319,037 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\drobo27.jpg
[2010/05/02 16:12:22 | 003,348,180 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\Minis.psd
[2010/05/02 16:01:17 | 000,067,889 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Warrior.png
[2010/05/02 16:00:46 | 000,073,948 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Warlock.png
[2010/05/02 16:00:19 | 000,076,753 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Shaman.png
[2010/05/02 15:59:56 | 000,057,273 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Rogue.png
[2010/05/02 15:59:14 | 000,058,234 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Priest.png
[2010/05/02 15:58:54 | 000,048,657 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Paladin.png
[2010/05/02 15:58:26 | 000,057,256 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Mage.png
[2010/05/02 15:57:36 | 000,070,603 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Hunter.png
[2010/05/02 15:56:56 | 000,068,511 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Druid.png
[2010/05/02 15:55:02 | 000,048,201 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_DK.png
[2010/05/02 01:08:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tyler\jagex__preferences3.dat
[2010/05/01 21:49:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/30 17:39:57 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/04/30 17:39:33 | 002,843,056 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\TeamViewer_Setup.exe
[2010/04/30 16:27:34 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text10.png
[2010/04/30 16:23:09 | 000,002,142 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text25.jpg
[2010/04/30 14:52:59 | 001,083,066 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\korvui1.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 00:22:40 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/04/26 00:34:29 | 001,166,999 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\8888.jpg
[2010/04/24 12:06:50 | 000,046,261 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\APBCompat.ini
[2010/04/23 22:23:29 | 000,460,928 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\radkidlol.bmp
[2010/04/23 16:09:15 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2010/04/21 11:06:47 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Oblivion.lnk
[2010/04/21 00:20:08 | 000,001,566 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\EVE.lnk
[2010/04/20 23:07:10 | 000,001,264 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\rapidsslcert.crt
[2010/04/20 23:05:44 | 000,001,143 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\TrustedRoot.crt
[2010/04/20 02:34:01 | 529,562,968 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch101786-127381_m.exe
[2010/04/19 16:36:54 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Diablo II - Lord of Destruction.lnk
[2010/04/18 16:34:28 | 002,112,858 | -H-- | M] () -- C:\Documents and Settings\Tyler\Local Settings\Application Data\IconCache.db
[2010/04/18 14:25:20 | 000,035,246 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2010/04/18 14:23:38 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/04/18 14:23:38 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/04/18 14:23:38 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/04/18 14:07:57 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2010/04/18 14:07:56 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2010/04/18 14:07:56 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2010/04/18 03:26:27 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Portal.lnk
[2010/04/17 21:29:11 | 000,001,696 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Heroes of Newerth.lnk
[2010/04/17 15:38:01 | 002,756,664 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\Tyler\Desktop\Downloader_Diablo2_enGB.exe
[2010/04/13 20:20:32 | 002,183,470 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/13 20:20:32 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/04/13 20:20:32 | 000,025,755 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/04/13 20:20:32 | 000,009,046 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/04/13 14:37:40 | 000,066,714 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/04/10 01:20:55 | 000,177,289 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\conspiracy.png
[2010/04/08 02:25:45 | 269,152,425 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\HoNTestClient-0.2.0.exe
[2010/04/02 16:46:48 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Tyler\Desktop\HJTInstall.exe
[2010/03/31 21:05:47 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/03/31 08:08:51 | 003,249,480 | ---- | M] (Unity Technologies ApS) -- C:\Documents and Settings\Tyler\Desktop\UnityWebPlayer.exe
[2010/03/31 00:19:33 | 000,016,292 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\DS_pic.jpg
[2010/03/29 15:59:53 | 000,151,552 | ---- | M] () -- C:\WINDOWS\System32\nvRegDev.dll
[2010/03/27 15:00:31 | 000,146,631 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\yesyesyes.jpg
[2010/03/26 16:30:49 | 000,290,816 | ---- | M] (Notausgang) -- C:\Documents and Settings\Tyler\Desktop\HoN_ModMan.exe
[2010/03/26 14:41:30 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Shortcut to hon.lnk
[2010/03/25 20:49:54 | 000,001,079 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\APB Beta-EU Game Launcher.lnk
[2010/03/25 14:19:27 | 355,046,139 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\HoNClient-0.3.0.exe
[2010/03/23 06:22:33 | 005,749,459 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\leaflet.psd
[2010/03/23 06:16:42 | 004,470,956 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\leaflet_pro.psd
[2010/03/20 06:41:42 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\Tyler\Application Data\PnkBstrK.sys
[2010/03/20 06:41:20 | 002,359,592 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_apb.exe
[2010/03/20 03:04:36 | 075,968,560 | ---- | M] (Realtime Worlds) -- C:\Documents and Settings\Tyler\Desktop\APB_Beta-EU_Installer.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

Old 15th June 2010   #15
Edis (THREAD STARTER)

========== Files Created - No Company Name ==========

[2010/06/13 17:40:04 | 000,285,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1715567821-884357618-839522115-1003-0.dat
[2010/06/13 17:40:03 | 000,249,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/06/13 14:32:20 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/06/13 11:35:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\ymc557bh.exe
[2010/06/12 13:12:52 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\dds.scr
[2010/06/12 00:39:07 | 000,002,098 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bloodline Champions.lnk
[2010/06/09 15:10:06 | 000,876,464 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\tyranny2.jpg
[2010/06/09 15:01:40 | 000,282,359 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\tyranny.jpg
[2010/06/08 22:44:54 | 000,002,664 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text25.png
[2010/06/08 22:34:30 | 000,051,120 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\sindra25.jpg
[2010/06/07 16:26:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/07 16:26:16 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/04 16:55:14 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Unity.lnk
[2010/06/02 18:30:57 | 000,132,386 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\nh3.jpg
[2010/06/02 18:30:51 | 000,129,662 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\nh2.jpg
[2010/06/02 18:30:45 | 000,117,614 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\nh1.jpg
[2010/06/02 16:37:42 | 008,992,824 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch154366-156690_m.exe
[2010/06/02 14:57:51 | 000,646,640 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\weird hair.psd
[2010/06/01 15:15:13 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\CV_Tyler_Crammond.doc
[2010/06/01 15:14:18 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Tyler\My Documents\.~lock.CV_Tyler_Hunter_Crammond_RT.rtf#
[2010/06/01 15:10:32 | 000,022,202 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\CV_Tyler_Hunter_Crammond.odt
[2010/06/01 13:44:17 | 000,022,201 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\CV.odt
[2010/05/30 20:16:29 | 000,340,618 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\3574724.htm
[2010/05/28 12:13:02 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/05/28 12:13:02 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2010/05/28 12:13:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/05/28 12:13:02 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/05/28 01:09:00 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/05/27 22:50:18 | 000,056,183 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\tansdecline.jpg
[2010/05/27 19:08:15 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Teamspeak 2 RC2.lnk
[2010/05/27 17:11:32 | 000,001,090 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Shortcut to TurbineLauncher.lnk
[2010/05/27 16:55:41 | 000,355,352 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\EVE_Master_Sheet.ods
[2010/05/27 14:40:01 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/27 14:38:44 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/27 14:38:44 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/27 13:49:53 | 002,121,216 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\EVE_Master_Sheet.xls
[2010/05/26 21:52:41 | 307,361,920 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch127381-154366_m.exe
[2010/05/26 16:12:24 | 000,002,435 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Eve-MEEPv3.lnk
[2010/05/25 13:39:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/05/25 13:32:33 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\FINAL FANTASY XI.lnk
[2010/05/25 13:25:24 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\PlayOnline.lnk
[2010/05/24 18:10:05 | 006,833,632 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\xfire_installer_42654.exe
[2010/05/22 19:30:06 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Play PKR.lnk
[2010/05/19 19:37:34 | 000,176,456 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\m_fb copy.bmp
[2010/05/19 18:27:42 | 000,034,806 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Myrtle 19 May.gif
[2010/05/19 16:52:25 | 005,856,417 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\m_fb.psd
[2010/05/18 23:43:57 | 000,741,217 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\pedomobile.png
[2010/05/17 11:12:35 | 000,008,629 | ---- | C] () -- C:\sitemap.xml
[2010/05/17 10:29:31 | 000,045,053 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text25.psd
[2010/05/15 18:27:41 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
[2010/05/15 14:10:18 | 000,083,204 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\email-icons-thumb.psd
[2010/05/15 12:53:21 | 000,025,808 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/15 12:49:52 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/05/14 16:04:32 | 000,001,027 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ccross.png
[2010/05/14 16:04:19 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ctick.png
[2010/05/14 13:24:47 | 000,006,818 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\cpbox1.html
[2010/05/14 13:04:21 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Tyler\Local Settings\Application Data\PUTTY.RND
[2010/05/07 11:33:39 | 000,326,378 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\PP_Scan.jpg
[2010/05/06 14:14:25 | 000,365,214 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\N2_Scan.jpg
[2010/05/06 14:07:08 | 000,407,172 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\N_Scan.jpg
[2010/05/06 13:52:05 | 000,709,959 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\Cscan.jpg
[2010/05/06 13:46:57 | 000,735,959 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\Passport_Scan.jpg
[2010/05/05 23:51:27 | 000,319,037 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\drobo27.jpg
[2010/05/02 16:01:17 | 000,067,889 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Warrior.png
[2010/05/02 16:00:46 | 000,073,948 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Warlock.png
[2010/05/02 16:00:19 | 000,076,753 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Shaman.png
[2010/05/02 15:59:56 | 000,057,273 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Rogue.png
[2010/05/02 15:59:14 | 000,058,234 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Priest.png
[2010/05/02 15:58:54 | 000,048,657 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Paladin.png
[2010/05/02 15:58:25 | 000,057,256 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Mage.png
[2010/05/02 15:57:36 | 000,070,603 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Hunter.png
[2010/05/02 15:56:56 | 000,068,511 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Druid.png
[2010/05/02 15:55:02 | 000,048,201 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_DK.png
[2010/05/02 01:08:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tyler\jagex__preferences3.dat
[2010/04/30 17:39:57 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/04/30 17:39:31 | 002,843,056 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\TeamViewer_Setup.exe
[2010/04/30 16:27:34 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text10.png
[2010/04/30 16:23:09 | 000,002,142 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text25.jpg
[2010/04/30 14:52:59 | 001,083,066 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\korvui1.jpg
[2010/04/26 00:34:29 | 001,166,999 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\8888.jpg
[2010/04/23 22:23:28 | 000,460,928 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\radkidlol.bmp
[2010/04/21 11:15:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010/04/21 11:06:47 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Oblivion.lnk
[2010/04/20 23:07:10 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\rapidsslcert.crt
[2010/04/20 23:05:44 | 000,001,143 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\TrustedRoot.crt
[2010/04/20 02:04:28 | 529,562,968 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch101786-127381_m.exe
[2010/04/19 17:36:50 | 000,311,230 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\epgp viewer.zip
[2010/04/18 14:14:58 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Diablo II - Lord of Destruction.lnk
[2010/04/18 14:08:30 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/04/18 14:08:30 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/04/18 14:08:30 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/04/18 14:07:57 | 000,035,246 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2010/04/18 14:07:57 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2010/04/18 14:07:56 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2010/04/18 03:26:27 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Portal.lnk
[2010/04/13 14:37:40 | 000,276,202 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2010/04/13 14:37:40 | 000,066,714 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/04/10 17:17:55 | 000,014,805 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Tower Range.honmod
[2010/04/10 01:20:55 | 000,177,289 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\conspiracy.png
[2010/04/08 02:20:06 | 269,152,425 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\HoNTestClient-0.2.0.exe
[2010/03/31 00:19:33 | 000,016,292 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\DS_pic.jpg
[2010/03/29 16:00:10 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2010/03/27 15:00:31 | 000,146,631 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\yesyesyes.jpg
[2010/03/26 14:43:36 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Heroes of Newerth.lnk
[2010/03/26 14:41:30 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Shortcut to hon.lnk
[2010/03/25 20:49:54 | 000,001,079 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\APB Beta-EU Game Launcher.lnk
[2010/03/25 14:10:49 | 355,046,139 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\HoNClient-0.3.0.exe
[2010/03/23 06:09:35 | 004,470,956 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\leaflet_pro.psd
[2010/03/23 04:43:36 | 005,749,459 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\leaflet.psd
[2010/03/21 20:57:36 | 000,188,704 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/03/20 06:41:42 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Tyler\Application Data\PnkBstrK.sys
[2010/03/20 06:41:42 | 000,139,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/03/20 06:41:23 | 000,188,704 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/03/20 06:41:20 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/03/20 06:41:19 | 002,359,592 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_apb.exe
[2010/03/20 05:21:48 | 000,046,261 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\APBCompat.ini
[2009/12/17 16:43:22 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/10/02 02:17:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/09/17 21:05:07 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/03 20:41:44 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2009/07/18 13:35:46 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2007/02/03 08:59:04 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/10/13 03:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
[2009/08/14 19:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/12/02 18:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Games
[2010/02/27 13:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
[2010/06/04 16:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2010/05/28 12:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/03/02 15:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/05/28 13:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/04 15:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2010/02/14 04:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2009/07/18 19:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/12/31 17:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{85C726A3-72A8-4199-9F59-131D37365211}
[2010/06/11 23:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\BitTorrent
[2009/08/14 19:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\DAEMON Tools Lite
[2010/06/04 18:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Dragon Age Toolset
[2010/06/09 23:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\EVEMon
[2010/06/08 22:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\FileZilla
[2009/07/19 23:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\GarageGames
[2009/09/24 20:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\GetRightToGo
[2009/11/08 00:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Octoshape
[2010/02/11 23:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\OpenOffice.org
[2010/05/15 12:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Opera
[2010/06/04 16:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\PACE Anti-Piracy
[2009/07/20 21:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\PirateGalaxy
[2010/03/02 15:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Publish Providers
[2010/05/28 12:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Simply Super Software
[2010/03/02 15:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Sony
[2010/01/17 01:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Sony Setup
[2010/06/15 12:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Spotify
[2010/04/30 17:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\TeamViewer
[2010/05/27 19:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\TS3Client
[2009/07/19 13:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Turbine
[2010/04/05 15:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Ubisoft
[2010/06/04 16:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Unity

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/07/18 13:46:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/18 13:46:12 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/18 13:46:12 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 1229 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:JrbCQybKcFbiIfm9UlDnPvF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 1064 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Ep1UgAeivSTOEVO0Haz59R
< End of report >
