Solved Fake antivirus popus

popvictor · 2010/04/19

[Resolved] Fake antivirus popus

Hi. There was this random antivirus popup while I browsing the internet. I believe it's a fake antivirus popup so I didn't accept the download offer when I was asked. When the popup was there, I couldn't run my antivirus programs nor launch taskmanager. I then launched msconfig and realized there's this "asam.exe" that I never downloaded. I then disabled its automatic start up in msconfig, rebooted my computer, and went to the folder and deleted the thing. I'm not sure if I have completely removed that asam thingy though. Id really appreciate it if someone could help me on this.

Here is my log

DDS (Ver_10-03-17.01) - NTFSX64
Run by Keeou at 19:19:38.07 on Mon 04/19/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.2.1033.18.6141.4352 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\MSTMON_Y.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Keeou\Downloads\dds.scr
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files (x86)\flashget\jccatch.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files (x86)\bitcomet\tools\BitCometBHO_1.4.1.10.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files (x86)\flashget\getflash.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\roboform.dll
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\keeou\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe "
mRun: [D-Link RangeBooster G WUA-2340] "c:\program files (x86)\d-link\rangebooster g wua-2340\AirPlusCFG.exe "
mRun: [ANIWZCS2Service] "c:\program files (x86)\ani\aniwzcs2 service\WZCSLDR2.exe "
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe "
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe "
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files (x86)\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files (x86)\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Download All with FlashGet - c:\program files (x86)\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\flashget\jc_link.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files (x86)\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files (x86)\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files (x86)\fiddler2\Fiddler.exe "
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files (x86)\bitcomet\tools\BitCometBHO_1.4.1.10.dll/206
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files (x86)\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files (x86)\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [KONICA MINOLTA PagePro 1400W STD] c:\windows\system32\MSTMON_Y.EXE STARTUP

================= FIREFOX ===================

FF - ProfilePath - c:\users\keeou\appdata\roaming\mozilla\firefox\profiles\skfqqcaj.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8888
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8888
FF - component: c:\program files (x86)\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\users\keeou\appdata\roaming\mozilla\firefox\profiles\skfqqcaj.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npGlbNMFFUpdater.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npGlbNMNetmarbleDownload.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npGlbNMStarter.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npGlbNMSystemInformer.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npGlbNMWebMessengerPlugin.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\keeou\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\keeou\appdata\roaming\mozilla\firefox\profiles\skfqqcaj.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\keeou\appdata\roaming\mozilla\firefox\profiles\skfqqcaj.default\extensions\reader_plugin@ebrary.com\plugins\NPinfotl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-31 69152]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwfx.sys [2009-6-9 26624]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-3-2 202752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-2-4 1265264]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-4 65072]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-6-17 434864]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\drivers\AGUx64.sys [2009-6-9 1077760]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-3-2 6402560]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-3-2 188928]
S2 gupdate1ca0aacd84a98b0;Google Update Service (gupdate1ca0aacd84a98b0);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-7-22 133104]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2007-9-12 93184]
S3 ENTECH64;ENTECH64;c:\windows\system32\drivers\Entech64.sys [2009-7-5 12744]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2009-6-21 30528]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;c:\users\keeou\desktop\me\MLE1365.sys [2010-3-26 29824]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\d-link\rangebooster g wua-2340\jswutilvst\jswpsapi.exe [2009-6-9 954368]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-11-21 19968]
S3 rt61x64;Gigabyte RT61 Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr6164.sys [2009-6-9 390144]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*
txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2010-04-20 01:57:00 0 d-----w- c:\users\keeou\appdata\roaming\Malwarebytes
2010-04-20 01:56:53 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 01:56:53 0 d-----w- c:\programdata\Malwarebytes
2010-04-20 01:56:53 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-04-20 01:31:59 0 d-----w- C:\SDFix
2010-04-20 01:25:28 0 d-----w- c:\program files (x86)\TrendMicro
2010-04-15 01:28:56 36864 ----a-w- c:\windows\syswow64\eehudgh.dll
2010-04-11 04:01:38 34 ----a-w- c:\windows\NPinfotl.INI
2010-04-07 00:41:50 0 d-----w- c:\program files\Ventrilo
2010-04-07 00:41:48 262 ----a-w- c:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2010-04-07 00:41:26 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-03-31 18:57:04 0 d-----w- c:\program files\iPod
2010-03-31 18:57:03 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-03-31 18:57:03 0 d-----w- c:\program files\iTunes
2010-03-31 18:57:03 0 d-----w- c:\program files (x86)\iTunes
2010-03-31 18:53:09 0 d-----w- c:\program files\Bonjour
2010-03-31 18:53:09 0 d-----w- c:\program files (x86)\Bonjour
2010-03-30 17:51:31 0 d-----w- c:\users\keeou\appdata\roaming\Atari
2010-03-30 17:49:58 197120 ----a-w- c:\windows\patchw32.dll
2010-03-30 17:49:58 0 d-----w- c:\program files (x86)\common files\PocketSoft
2010-03-30 17:47:36 0 d-----w- c:\program files (x86)\Atari
2010-03-28 20:05:44 0 d-----w- c:\programdata\ATI
2010-03-27 20:21:22 0 d-----w- c:\program files (x86)\Fiddler2
2010-03-25 22:41:28 87472 ----a-w- c:\windows\syswow64\ijjiChannelingPlugin.dll
2010-03-25 22:41:28 710064 ----a-w- c:\windows\syswow64\ijjiSetup.exe
2010-03-25 22:41:28 61440 ----a-w- c:\windows\syswow64\uc_atlantica_launching.dll
2010-03-25 22:41:28 58800 ----a-w- c:\windows\syswow64\ijjiProcessRestarter.exe
2010-03-25 22:41:28 58800 ----a-w- c:\windows\syswow64\ijjiPlugin2.dll
2010-03-25 22:41:28 53248 ----a-w- c:\windows\syswow64\uc_luminary_launching.dll
2010-03-25 22:41:28 0 d-----w- c:\program files (x86)\ijji
2010-03-25 18:17:05 0 d-----w- C:\ijji
2010-03-25 18:16:36 0 d-----w- c:\programdata\InstallShield

==================== Find3M ====================

2010-04-15 01:30:22 9728 ----a-w- c:\windows\syswow64\BASSMOD.dll
2010-03-31 18:53:58 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-31 18:53:58 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-31 18:53:58 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-19 17:48:56 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-19 17:48:47 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-03 04:23:10 6402560 ----a-w- c:\windows\system32\drivers\atipmdag.sys
2010-03-03 04:23:10 6402560 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-03-03 04:16:38 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-03 04:16:26 446464 ----a-w- c:\windows\syswow64\aticfx32.dll
2010-03-03 04:15:30 497152 ----a-w- c:\windows\system32\aticfx64.dll
2010-03-03 04:13:04 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 04:12:52 450560 ----a-w- c:\windows\system32\atieclxx.exe
2010-03-03 04:12:12 202752 ----a-w- c:\windows\system32\atiesrxx.exe
2010-03-03 04:10:34 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-03-03 04:10:12 420864 ----a-w- c:\windows\system32\atipdl64.dll
2010-03-03 04:10:04 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2010-03-03 04:09:48 274432 ----a-w- c:\windows\syswow64\Oemdspif.dll
2010-03-03 04:09:40 12288 ----a-w- c:\windows\system32\atimuixx.dll
2010-03-03 04:09:34 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-03-03 04:09:28 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2010-03-03 04:06:18 3131392 ----a-w- c:\windows\syswow64\atidxx32.dll
2010-03-03 04:04:46 18798080 ----a-w- c:\windows\system32\atio6axx.dll
2010-03-03 03:57:00 3800576 ----a-w- c:\windows\system32\atidxx64.dll
2010-03-03 03:46:42 3703808 ----a-w- c:\windows\syswow64\atiumdag.dll
2010-03-03 03:45:02 14226944 ----a-w- c:\windows\syswow64\atioglxx.dll
2010-03-03 03:39:46 4801536 ----a-w- c:\windows\system32\atiumd64.dll
2010-03-03 03:32:06 2716160 ----a-w- c:\windows\system32\atiumd6a.dll
2010-03-03 03:24:24 2993152 ----a-w- c:\windows\syswow64\atiumdva.dll
2010-03-03 03:23:52 55296 ----a-w- c:\windows\system32\coinst.dll
2010-03-03 03:20:22 43008 ----a-w- c:\windows\system32\aticalrt64.dll
2010-03-03 03:20:20 53248 ----a-w- c:\windows\syswow64\aticalrt.dll
2010-03-03 03:20:10 39936 ----a-w- c:\windows\system32\aticalcl64.dll
2010-03-03 03:20:08 53248 ----a-w- c:\windows\syswow64\aticalcl.dll
2010-03-03 03:19:56 4781568 ----a-w- c:\windows\system32\aticaldd64.dll
2010-03-03 03:18:56 3657728 ----a-w- c:\windows\syswow64\aticaldd.dll
2010-03-03 03:08:50 53248 ----a-w- c:\windows\system32\atimpc64.dll
2010-03-03 03:08:50 53248 ----a-w- c:\windows\system32\amdpcom64.dll
2010-03-03 03:08:44 52224 ----a-w- c:\windows\syswow64\atimpc32.dll
2010-03-03 03:08:44 52224 ----a-w- c:\windows\syswow64\amdpcom32.dll
2010-03-03 03:08:14 330752 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:08:06 237568 ----a-w- c:\windows\syswow64\atiadlxy.dll
2010-03-03 03:07:54 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-03-03 03:07:48 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll
2010-03-03 03:07:48 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-03-03 03:07:44 16896 ----a-w- c:\windows\system32\atig6txx.dll
2010-03-03 03:07:38 15360 ----a-w- c:\windows\syswow64\atigktxx.dll
2010-03-03 03:07:32 188928 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-03-03 03:06:50 36352 ----a-w- c:\windows\system32\atiuxp64.dll
2010-03-03 03:06:42 27648 ----a-w- c:\windows\syswow64\atiuxpag.dll
2010-03-03 03:06:34 28160 ----a-w- c:\windows\system32\atiu9p64.dll
2010-03-03 03:06:26 20480 ----a-w- c:\windows\syswow64\atiu9pag.dll
2010-03-03 03:06:06 26112 ----a-w- c:\windows\system32\atitmp64.dll
2010-03-03 03:05:42 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-25 19:55:46 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-24 17:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 03:26:00 147456 ----a-w- c:\windows\syswow64\uc_neosteam_launching.dll
2010-02-20 23:44:53 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:42:16 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 23:39:35 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-02-20 23:37:20 31232 ----a-w- c:\windows\syswow64\httpapi.dll
2010-02-20 21:40:37 610304 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 19:01:24 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 19:01:24 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 18:46:14 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-02-12 18:46:14 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-02-04 18:01:14 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 18:01:14 74072 ----a-w- c:\windows\syswow64\XAPOFX1_4.dll
2010-02-04 18:01:14 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 18:01:14 528216 ----a-w- c:\windows\syswow64\XAudio2_6.dll
2010-02-04 18:01:14 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-04 18:01:14 238936 ----a-w- c:\windows\syswow64\xactengine3_6.dll
2010-02-04 18:01:14 22360 ----a-w- c:\windows\syswow64\X3DAudio1_7.dll
2010-02-04 18:01:14 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-01-26 21:09:26 260872 ----a-w- c:\windows\system32\PDBoot.exe
2010-01-23 10:00:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-23 09:44:02 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-01-22 17:24:36 64000 ----a-w- c:\windows\syswow64\uc_sfighters_launching.dll
2009-06-23 22:29:30 72171 ----a-w- c:\program files (x86)\info_NEW
2009-06-23 22:29:30 72063 ----a-w- c:\program files (x86)\infLD
2009-06-23 22:29:30 6403262 ----a-w- c:\program files (x86)\spk_OLD
2009-06-23 22:29:30 2899688 ----a-w- c:\program files (x86)\spk_NEW
2009-06-09 23:57:57 174 --sha-w- c:\program files\desktop.ini
2009-06-09 23:57:57 174 --sha-w- c:\program files (x86)\desktop.ini
2007-09-12 23:30:28 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-11-21 18:59:34 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 19:20:05.72 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 6/9/2009 4:58:06 PM
System Uptime: 4/19/2010 7:03:09 PM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | EX58-EXTREME
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | Socket 1366 | 2660/140mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 282 GiB total, 93.285 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
S: is FIXED (NTFS) - 184 GiB total, 181.687 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: System Interrupt Controller
Device ID: PCI\VEN_8086&DEV_3425&SUBSYS_00000000&REV_12\3&13C0B0C5&1&80
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_8086&DEV_3425&SUBSYS_00000000&REV_12\3&13C0B0C5&1&80
Service:

Class GUID:
Description: System Interrupt Controller
Device ID: PCI\VEN_8086&DEV_3426&SUBSYS_00000000&REV_12\3&13C0B0C5&1&81
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_8086&DEV_3426&SUBSYS_00000000&REV_12\3&13C0B0C5&1&81
Service:

Class GUID:
Description: System Interrupt Controller
Device ID: PCI\VEN_8086&DEV_3427&SUBSYS_00000000&REV_12\3&13C0B0C5&1&88
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_8086&DEV_3427&SUBSYS_00000000&REV_12\3&13C0B0C5&1&88
Service:

Class GUID:
Description: System Interrupt Controller
Device ID: PCI\VEN_8086&DEV_3428&SUBSYS_00000000&REV_12\3&13C0B0C5&1&89
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_8086&DEV_3428&SUBSYS_00000000&REV_12\3&13C0B0C5&1&89
Service:

Class GUID:
Description: System Interrupt Controller
Device ID: PCI\VEN_8086&DEV_342D&SUBSYS_00000000&REV_12\3&13C0B0C5&1&98
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_8086&DEV_342D&SUBSYS_00000000&REV_12\3&13C0B0C5&1&98
Service:

Class GUID:
Description: System Interrupt Controller
Device ID: PCI\VEN_8086&DEV_342E&SUBSYS_00000000&REV_12\3&13C0B0C5&1&A0
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_8086&DEV_342E&SUBSYS_00000000&REV_12\3&13C0B0C5&1&A0
Service:

Class GUID:
Description: System Interrupt Controller
Device ID: PCI\VEN_8086&DEV_3422&SUBSYS_00000000&REV_12\3&13C0B0C5&1&A1
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_8086&DEV_3422&SUBSYS_00000000&REV_12\3&13C0B0C5&1&A1
Service:

Class GUID:
Description: System Interrupt Controller
Device ID: PCI\VEN_8086&DEV_3423&SUBSYS_00000000&REV_12\3&13C0B0C5&1&A2
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_8086&DEV_3423&SUBSYS_00000000&REV_12\3&13C0B0C5&1&A2
Service:

Class GUID:
Description: System Interrupt Controller
Device ID: PCI\VEN_8086&DEV_342F&SUBSYS_00000000&REV_12\3&13C0B0C5&1&A8
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_8086&DEV_342F&SUBSYS_00000000&REV_12\3&13C0B0C5&1&A8
Service:

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_03\4&1461CA0F&0&00E4
Manufacturer: Realtek
Name: Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_03\4&1461CA0F&0&00E4
Service: RTL8169

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_03\4&1F2B975C&0&00E5
Manufacturer: Realtek
Name: Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) #2
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_03\4&1F2B975C&0&00E5
Service: RTL8169

Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_3A30&SUBSYS_50011458&REV_00\3&13C0B0C5&1&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_3A30&SUBSYS_50011458&REV_00\3&13C0B0C5&1&FB
Service:

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva

==== System Restore Points ===================

RP227: 4/14/2010 1:25:51 PM - Scheduled Checkpoint
RP228: 4/19/2010 6:25:05 PM - Installed HiJackThis

==== Installed Programs ======================

???? 5.6???
???? 6.00 ???
@BIOS Ver.2.03
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Audition 3.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
AI RoboForm (All Users)
ANIWZCS2 Service
Apple Application Support
Apple Software Update
BitComet 1.18
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Charles
Cheat Engine 5.5
Chinese Simplified Fonts Support For Adobe Reader 9
Chinese Traditional Fonts Support For Adobe Reader 9
Cisco AnyConnect VPN Client
Combined Community Codec Pack 2008-09-21 16:18
ConvertXtoDVD 3.6.11.172
Counter-Strike: Source
DFOLauncher
Driver Sweeper 1.5.5
Easy Tune 6 B08.1124.1
Face_Wizard B08.0908.01
Fantasy Earth Zero
FarmHelper
Fiddler2
FlashGet 1.9.6.1073
Futuremark SystemInfo
Gigabyte Wireless LAN Card
Google Chrome
Google Earth
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ijji REACTOR
Java(TM) 6 Update 17
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.3)
MSVCRT
Netmarble Fiefox Plugin Updater Installer
Online Video Hunter Professional v 2.1.0.2
OpenAL
PunkBuster Services
Quick Macro v6.20
QuickTime
Ralink RT6x Wireless LAN Card
RangeBooster G WUA-2340
RCT3 Soaked
Real Alternative 1.9.0
RollerCoaster Tycoon® 3
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Soul of the Ultimate Nation
Source SDK Base
Steam
Team Fortress 2
The Lord of the Rings FREE Trial
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb979895)
Vista Anti-Lag 1.1.1
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package
VMware Workstation
VTFEdit 1.2.5
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Upload Tool
Yahoo! Install Manager

==== Event Viewer Messages From Past Week ========

4/19/2010 6:38:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/19/2010 6:37:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/19/2010 6:37:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/19/2010 6:37:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/19/2010 6:37:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/19/2010 6:37:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/19/2010 6:36:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC JSWPSLWF NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
4/19/2010 6:36:58 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/19/2010 6:36:58 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/19/2010 6:36:58 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
4/19/2010 6:36:58 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/19/2010 6:36:58 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/19/2010 6:36:58 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/19/2010 6:36:58 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/19/2010 6:36:58 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
4/19/2010 6:36:58 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/19/2010 6:36:58 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/19/2010 6:36:58 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/19/2010 6:36:58 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/19/2010 6:36:58 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/19/2010 6:36:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/19/2010 6:09:09 PM, Error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
4/14/2010 6:28:50 PM, Error: Service Control Manager [7000] - The WINIO service failed to start due to the following error: This driver has been blocked from loading
4/14/2010 6:28:49 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\QMacro\winio.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/14/2010 6:26:58 PM, Error: Service Control Manager [7000] - The WINIO service failed to start due to the following error: The filename, directory name, or volume label syntax is incorrect.
4/12/2010 9:45:27 AM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032

==== End Of File ===========================

broni · 2010/04/19

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

***VERY IMPORTANT! Make sure, you update Malwarebytes before running the scans.***

STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

RESTART COMPUTER

STEP 3. Download HijackThis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
by clicking on Installer under Version 2.0.2
[DO NOT download version 2.0.3 (beta)]
Install, and run it.
Post HijackThis log.
NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
Do NOT attempt to "fix" anything!

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

popvictor · 2010/04/21

Hi, sorry for posting this after 2 days... was quite busy.

MalwareBytes
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4018

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

4/21/2010 3:48:19 PM
mbam-log-2010-04-21 (15-48-19).txt

Scan type: Quick scan
Objects scanned: 112003
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Keeou\AppData\Local\Temp\jdlI.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Qmer - It told me that it didn't find anything.

HiJackThis - I downloaded version 2.0.4 because 2.0.2 is not available on their download page.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:11:14 PM, on 4/21/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Keeou\Downloads\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.10.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] "C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe "
O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe "
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Keeou\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.10.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1ca0aacd84a98b0) (gupdate1ca0aacd84a98b0) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12182 bytes

broni · 2010/04/21

What is your AV program, because I can't see any running?

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

popvictor · 2010/04/22

Part 1 of OTL
OTL
OTL logfile created on: 4/22/2010 12:31:44 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\Keeou\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.10 Gb Total Space | 95.14 Gb Free Space | 33.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 183.65 Gb Total Space | 181.69 Gb Free Space | 98.93% Space Free | Partition Type: NTFS

Computer Name: KEEOU-PC
Current User Name: Keeou
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/22 00:30:55 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Keeou\Downloads\OTL.exe
PRC - [2010/04/06 17:30:17 | 001,265,264 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/05 19:04:31 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 17:30:16 | 000,818,256 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/17 21:39:13 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009/08/14 20:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009/08/14 20:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009/08/14 20:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/05 22:33:55 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/06/17 13:17:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/09/23 22:45:00 | 001,667,072 | ---- | M] (D-Link) -- C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
PRC - [2007/04/10 12:24:26 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Vista Anti-Lag\val.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe

========== Modules (SafeList) ==========

MOD - [2010/04/22 00:30:55 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Keeou\Downloads\OTL.exe
MOD - [2008/11/21 11:48:59 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/11/21 11:44:16 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/02 21:12:12 | 000,202,752 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/26 14:09:16 | 001,486,088 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2010/01/26 14:09:14 | 001,503,496 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2009/03/30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2008/11/21 11:54:47 | 000,252,928 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2008/11/21 11:54:00 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2008/11/21 11:52:12 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/11/21 11:44:01 | 000,689,152 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV:64bit: - [2008/11/21 11:42:34 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/11/21 11:42:24 | 001,147,904 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV - [2010/04/06 17:30:17 | 001,265,264 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/06 01:15:38 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/08/14 20:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/08/14 20:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009/08/14 20:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/07/05 22:33:55 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/06/17 13:17:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/05/06 13:50:00 | 002,756,910 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2008/12/01 11:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/07/27 11:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/05/19 03:36:40 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe -- (jswpsapi)
SRV - [2006/11/02 06:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 23:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 23:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/02 21:23:10 | 006,402,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/03/02 21:23:10 | 006,402,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/02 20:07:32 | 000,188,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/04 08:53:02 | 000,069,152 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/01/28 07:33:34 | 000,114,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/20 11:11:38 | 000,101,904 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2009/08/14 20:21:00 | 000,076,336 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009/08/14 20:20:54 | 000,038,448 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009/08/14 20:20:48 | 000,030,256 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009/08/14 20:20:44 | 000,065,072 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009/08/14 20:20:44 | 000,029,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2009/08/14 13:40:04 | 000,038,960 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009/08/14 13:40:04 | 000,037,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2009/08/14 13:40:04 | 000,020,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009/06/17 13:02:03 | 000,024,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/11/26 21:51:18 | 000,390,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr6164.sys -- (rt61x64)
DRV:64bit: - [2008/11/21 11:54:21 | 000,161,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\fvevol.sys -- (fvevol)
DRV:64bit: - [2008/11/21 11:53:59 | 000,460,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2008/11/21 11:42:20 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/09/17 14:14:00 | 000,012,744 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/08/07 02:08:46 | 001,077,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AGUx64.sys -- (A5AGU)
DRV:64bit: - [2008/05/15 03:28:52 | 000,026,624 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007/09/12 11:55:38 | 000,082,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2006/11/01 22:28:10 | 000,273,920 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/02 19:13:44 | 000,051,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV - [2009/12/10 02:14:07 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\vvprotect.sys -- (VVProtect)
DRV - [2009/09/18 01:37:44 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/09/18 01:37:36 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/06/09 16:53:26 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/12/01 11:46:58 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2006/09/18 14:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 14:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2004/12/30 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555;

========== FireFox ==========

FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: "127.0.0.1 "
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: " "
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: " "
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: "127.0.0.1 "
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1 "
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: " "
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: " "
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1 "
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.18
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.8.2
FF - prefs.js..extensions.enabledItems: reader_plugin@ebrary.com:3.2.3.0
FF - prefs.js..network.proxy.http: "127.0.0.1 "
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: " "
FF - prefs.js..network.proxy.ssl: "127.0.0.1 "
FF - prefs.js..network.proxy.ssl_port: 8888

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2009/12/31 22:20:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/03/27 13:21:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/05 19:04:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/09 11:53:15 | 000,000,000 | ---D | M]

[2009/06/09 17:19:33 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Mozilla\Extensions
[2010/04/21 15:29:44 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Mozilla\Firefox\Profiles\skfqqcaj.default\extensions
[2009/12/16 21:12:58 | 000,000,000 | ---D | M] (Charles Autoconfiguration) -- C:\Users\Keeou\AppData\Roaming\Mozilla\Firefox\Profiles\skfqqcaj.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
[2010/01/30 00:06:43 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Keeou\AppData\Roaming\Mozilla\Firefox\Profiles\skfqqcaj.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/12/17 14:37:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Keeou\AppData\Roaming\Mozilla\Firefox\Profiles\skfqqcaj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/05 21:44:56 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Mozilla\Firefox\Profiles\skfqqcaj.default\extensions\battlefieldheroespatcher@ea.com
[2010/04/10 21:01:31 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Mozilla\Firefox\Profiles\skfqqcaj.default\extensions\reader_plugin@ebrary.com
[2010/04/21 15:29:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/07/17 01:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/04/20 17:00:34 | 000,049,152 | ---- | M] (Netmarble) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npGlbNMFFUpdater.dll
[2009/07/09 13:33:28 | 000,106,496 | ---- | M] (CJInternet Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npGlbNMNetmarbleDownload.dll
[2009/01/07 11:51:26 | 000,095,784 | ---- | M] (CJ Internet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npGlbNMStarter.dll
[2009/05/21 16:31:30 | 000,153,072 | ---- | M] (CJ Internet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npGlbNMSystemInformer.dll
[2009/04/20 17:01:50 | 000,180,343 | ---- | M] (Netmarble) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npGlbNMWebMessengerPlugin.dll
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/02/22 18:45:04 | 000,177,592 | ---- | M] (MGame) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPMFireLauncher.dll
[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2009/10/29 11:08:20 | 000,000,759 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [KONICA MINOLTA PagePro 1400W STD] C:\Windows\SysNative\MSTMON_Y.EXE ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Keeou\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Keeou\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2006/11/02 06:34:09 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2006/11/02 06:34:13 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 90 Days ==========

[2010/04/19 18:57:00 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Roaming\Malwarebytes
[2010/04/19 18:56:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/19 18:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/04/19 18:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/19 18:31:59 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/04/19 18:25:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2010/04/19 17:57:37 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Local\gtsgtuxfd
[2010/04/18 02:36:52 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Desktop\Pet Society Files
[2010/04/06 17:42:01 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Roaming\Ventrilo
[2010/04/06 17:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/04/06 17:41:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/03/31 11:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/31 11:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/31 11:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/03/31 11:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/03/31 11:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/31 11:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/03/30 10:51:31 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Documents\RCT3
[2010/03/30 10:51:31 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Roaming\Atari
[2010/03/30 10:49:59 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Roaming\Leadertech
[2010/03/30 10:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PocketSoft
[2010/03/30 10:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2010/03/29 21:58:52 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Desktop\Roller Coaster Tycoon 3
[2010/03/28 13:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/03/27 13:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fiddler2
[2010/03/25 15:41:28 | 000,710,064 | ---- | C] (NHN USA) -- C:\Windows\SysWow64\ijjiSetup.exe
[2010/03/25 15:41:28 | 000,087,472 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\ijjiChannelingPlugin.dll
[2010/03/25 15:41:28 | 000,061,440 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_atlantica_launching.dll
[2010/03/25 15:41:28 | 000,058,800 | ---- | C] (NHN USA Inc.) -- C:\Windows\SysWow64\ijjiProcessRestarter.exe
[2010/03/25 15:41:28 | 000,058,800 | ---- | C] (NHN USA Corp.) -- C:\Windows\SysWow64\ijjiPlugin2.dll
[2010/03/25 15:41:28 | 000,053,248 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_luminary_launching.dll
[2010/03/25 15:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ijji
[2010/03/25 11:17:05 | 000,000,000 | ---D | C] -- C:\ijji
[2010/03/25 11:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/03/19 10:46:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/16 15:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/03/16 03:13:05 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Desktop\Unclassified
[2010/03/16 03:10:25 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Desktop\DFO stuff
[2010/03/16 01:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh Networks
[2010/03/06 21:44:06 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Roaming\TS3Client
[2010/03/06 21:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2010/03/05 04:16:28 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Desktop\vba link
[2010/03/05 02:42:45 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Roaming\VBA-M
[2010/03/05 02:42:34 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Desktop\VBA
[2010/03/03 02:17:42 | 000,121,856 | ---- | C] (csie.org) -- C:\Users\Keeou\Desktop\piaipRCHack_v1.23.exe
[2010/03/02 21:10:04 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010/03/02 21:09:48 | 000,274,432 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010/03/02 21:09:28 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010/02/27 23:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[2010/02/23 16:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2010/02/23 01:17:36 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Local\Cisco
[2010/02/23 01:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2010/02/23 01:16:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2010/02/22 20:26:00 | 000,147,456 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysWow64\uc_neosteam_launching.dll
[2010/02/17 21:04:45 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/02/17 21:04:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/02/17 21:03:12 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Documents\Sparkplay Media
[2010/02/15 19:48:47 | 000,000,000 | ---D | C] -- C:\CafeWorldBot
[2010/01/30 00:13:45 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Documents\Adobe
[2010/01/30 00:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2010/01/30 00:06:53 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Roaming\BitComet
[2010/01/30 00:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitComet
[2010/01/22 10:24:36 | 000,064,000 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_sfighters_launching.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Keeou\Desktop\*.tmp files -> C:\Users\Keeou\Desktop\*.tmp -> ]

popvictor · 2010/04/22

Part 2 OTL

========== Files - Modified Within 90 Days ==========

[2010/04/22 00:31:27 | 037,748,736 | -HS- | M] () -- C:\Users\Keeou\NTUSER.DAT
[2010/04/22 00:08:03 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{40005009-1EEE-476C-855F-CC7A5A1E1F4B}.job
[2010/04/22 00:05:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-196810349-582042857-520598846-1000UA.job
[2010/04/21 23:44:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/21 22:35:59 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/21 22:35:59 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/21 21:43:59 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/21 18:38:34 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/04/21 18:36:49 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{89F87F6F-82B2-42D3-BF9F-5C2E1A614E45}
[2010/04/21 18:36:45 | 000,000,006 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME{89F87F6F-82B2-42D3-BF9F-5C2E1A614E45}
[2010/04/21 18:36:24 | 000,016,596 | ---- | M] () -- C:\Windows\MSTMON_Y.INI
[2010/04/21 18:36:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/21 18:35:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/21 18:35:55 | 2144,854,015 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/21 18:34:55 | 000,524,288 | -HS- | M] () -- C:\Users\Keeou\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010/04/21 18:34:55 | 000,065,536 | -HS- | M] () -- C:\Users\Keeou\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010/04/21 18:34:52 | 002,979,593 | -H-- | M] () -- C:\Users\Keeou\AppData\Local\IconCache.db
[2010/04/21 16:14:59 | 000,083,968 | ---- | M] () -- C:\Users\Keeou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/20 23:09:37 | 000,012,286 | ---- | M] () -- C:\Users\Keeou\Documents\hard terms.docx
[2010/04/20 01:43:38 | 000,108,430 | ---- | M] () -- C:\Users\Keeou\Desktop\zombieevfull.jpg
[2010/04/19 18:56:57 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/19 18:22:18 | 000,699,112 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/19 18:22:18 | 000,605,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/19 18:22:18 | 000,107,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/19 17:59:46 | 000,060,672 | ---- | M] () -- C:\Users\Keeou\AppData\Local\syssvc.exe
[2010/04/19 05:05:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-196810349-582042857-520598846-1000Core.job
[2010/04/19 00:46:56 | 000,000,034 | ---- | M] () -- C:\Windows\NPinfotl.INI
[2010/04/18 02:51:28 | 000,011,515 | ---- | M] () -- C:\Users\Keeou\Documents\Term Test.docx
[2010/04/16 18:58:00 | 000,016,881 | ---- | M] () -- C:\Users\Keeou\Desktop\front.bin
[2010/04/16 18:55:42 | 000,037,822 | ---- | M] () -- C:\Users\Keeou\Desktop\restaurant.bin
[2010/04/14 18:30:22 | 000,009,728 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/04/14 18:30:13 | 000,000,410 | ---- | M] () -- C:\Windows\win.ini
[2010/04/14 18:29:53 | 000,000,763 | ---- | M] () -- C:\Users\Keeou\Desktop\Quick Macro 6.lnk
[2010/04/14 18:10:27 | 196,303,974 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/10 23:41:34 | 000,002,323 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/04/06 17:41:52 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/04/06 17:41:50 | 000,000,752 | ---- | M] () -- C:\Users\Keeou\Desktop\Ventrilo.lnk
[2010/04/04 18:01:21 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\PerfectDisk 10.lnk
[2010/03/31 23:05:33 | 000,002,042 | ---- | M] () -- C:\Users\Keeou\Desktop\Google Chrome.lnk
[2010/03/31 11:57:36 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/30 10:59:40 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon® 3.lnk
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/26 12:29:45 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
[2010/03/24 11:42:51 | 000,000,162 | -H-- | M] () -- C:\Users\Keeou\Desktop\~$w Microsoft Office Word Document (2).docx
[2010/03/24 03:38:33 | 000,010,645 | ---- | M] () -- C:\Users\Keeou\Documents\Apposition.docx
[2010/03/19 10:48:56 | 000,095,024 | ---- | M] () -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/03/19 10:48:47 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010/03/17 23:25:14 | 000,001,657 | ---- | M] () -- C:\Users\Public\Desktop\Fantasy Earth Zero.lnk
[2010/03/17 11:14:06 | 000,000,525 | ---- | M] () -- C:\Users\Public\Desktop\FarmHelper.lnk
[2010/03/16 21:16:18 | 000,001,174 | ---- | M] () -- C:\Users\Keeou\Desktop\Counter-Strike Source.lnk
[2010/03/16 03:01:23 | 000,100,448 | ---- | M] () -- C:\Users\Keeou\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/16 02:59:27 | 000,384,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/16 02:55:07 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2010/03/15 19:50:08 | 000,000,732 | ---- | M] () -- C:\Users\Keeou\AppData\Local\d3d9caps64.dat
[2010/03/14 23:25:53 | 000,001,356 | ---- | M] () -- C:\Users\Keeou\AppData\Local\d3d9caps.dat
[2010/03/06 21:44:00 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010/03/03 02:17:43 | 000,121,856 | ---- | M] (csie.org) -- C:\Users\Keeou\Desktop\piaipRCHack_v1.23.exe
[2010/03/02 21:23:10 | 006,402,560 | ---- | M] () -- C:\Windows\SysNative\drivers\atipmdag.sys
[2010/03/02 21:23:10 | 006,402,560 | ---- | M] () -- C:\Windows\SysNative\drivers\atikmdag.sys
[2010/03/02 21:16:42 | 000,033,616 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/03/02 21:16:38 | 000,143,360 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.exe
[2010/03/02 21:15:30 | 000,497,152 | ---- | M] () -- C:\Windows\SysNative\aticfx64.dll
[2010/03/02 21:13:04 | 000,446,464 | ---- | M] () -- C:\Windows\SysNative\ATIDEMGX.dll
[2010/03/02 21:12:52 | 000,450,560 | ---- | M] () -- C:\Windows\SysNative\atieclxx.exe
[2010/03/02 21:12:12 | 000,202,752 | ---- | M] () -- C:\Windows\SysNative\atiesrxx.exe
[2010/03/02 21:10:34 | 000,120,320 | ---- | M] () -- C:\Windows\SysNative\atitmm64.dll
[2010/03/02 21:10:12 | 000,420,864 | ---- | M] () -- C:\Windows\SysNative\atipdl64.dll
[2010/03/02 21:10:04 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010/03/02 21:09:48 | 000,274,432 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010/03/02 21:09:40 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\atimuixx.dll
[2010/03/02 21:09:34 | 000,059,392 | ---- | M] () -- C:\Windows\SysNative\atiedu64.dll
[2010/03/02 21:09:28 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010/03/02 21:04:46 | 018,798,080 | ---- | M] () -- C:\Windows\SysNative\atio6axx.dll
[2010/03/02 20:57:00 | 003,800,576 | ---- | M] () -- C:\Windows\SysNative\atidxx64.dll
[2010/03/02 20:39:46 | 004,801,536 | ---- | M] () -- C:\Windows\SysNative\atiumd64.dll
[2010/03/02 20:32:06 | 002,716,160 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.dll
[2010/03/02 20:29:44 | 000,511,072 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/03/02 20:24:00 | 000,511,072 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/03/02 20:23:52 | 000,055,296 | ---- | M] () -- C:\Windows\SysNative\coinst.dll
[2010/03/02 20:20:22 | 000,043,008 | ---- | M] () -- C:\Windows\SysNative\aticalrt64.dll
[2010/03/02 20:20:10 | 000,039,936 | ---- | M] () -- C:\Windows\SysNative\aticalcl64.dll
[2010/03/02 20:19:56 | 004,781,568 | ---- | M] () -- C:\Windows\SysNative\aticaldd64.dll
[2010/03/02 20:08:50 | 000,053,248 | ---- | M] () -- C:\Windows\SysNative\atimpc64.dll
[2010/03/02 20:08:50 | 000,053,248 | ---- | M] () -- C:\Windows\SysNative\amdpcom64.dll
[2010/03/02 20:08:14 | 000,330,752 | ---- | M] () -- C:\Windows\SysNative\atiadlxx.dll
[2010/03/02 20:07:54 | 000,014,848 | ---- | M] () -- C:\Windows\SysNative\atig6pxx.dll
[2010/03/02 20:07:48 | 000,012,800 | ---- | M] () -- C:\Windows\SysNative\atiglpxx.dll
[2010/03/02 20:07:44 | 000,016,896 | ---- | M] () -- C:\Windows\SysNative\atig6txx.dll
[2010/03/02 20:07:32 | 000,188,928 | ---- | M] () -- C:\Windows\SysNative\drivers\atikmpag.sys
[2010/03/02 20:06:50 | 000,036,352 | ---- | M] () -- C:\Windows\SysNative\atiuxp64.dll
[2010/03/02 20:06:34 | 000,028,160 | ---- | M] () -- C:\Windows\SysNative\atiu9p64.dll
[2010/03/02 20:06:06 | 000,026,112 | ---- | M] () -- C:\Windows\SysNative\atitmp64.dll
[2010/03/02 20:05:42 | 000,053,248 | ---- | M] () -- C:\Windows\SysNative\drivers\ati2erec.dll
[2010/03/02 13:57:10 | 000,020,692 | ---- | M] () -- C:\Windows\atiogl.xml
[2010/02/25 12:55:46 | 000,201,875 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
[2010/02/23 09:15:02 | 000,001,105 | ---- | M] () -- C:\Windows\SysWow64\atipblag.dat
[2010/02/23 09:15:02 | 000,001,105 | ---- | M] () -- C:\Windows\SysNative\atipblag.dat
[2010/02/22 20:26:00 | 000,147,456 | ---- | M] (TODO: <Company name>) -- C:\Windows\SysWow64\uc_neosteam_launching.dll
[2010/02/20 16:44:53 | 000,032,768 | ---- | M] () -- C:\Windows\SysNative\nshhttp.dll
[2010/02/20 16:42:16 | 000,033,792 | ---- | M] () -- C:\Windows\SysNative\httpapi.dll
[2010/02/12 12:01:24 | 000,119,584 | ---- | M] () -- C:\Windows\SysNative\dns-sd.exe
[2010/02/12 12:01:24 | 000,095,520 | ---- | M] () -- C:\Windows\SysNative\dnssd.dll
[2010/02/04 11:01:14 | 000,530,776 | ---- | M] () -- C:\Windows\SysNative\XAudio2_6.dll
[2010/02/04 11:01:14 | 000,176,984 | ---- | M] () -- C:\Windows\SysNative\xactengine3_6.dll
[2010/02/04 11:01:14 | 000,078,680 | ---- | M] () -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/02/04 11:01:14 | 000,024,920 | ---- | M] () -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/02/04 08:53:02 | 000,069,152 | ---- | M] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/02/02 12:16:36 | 000,000,021 | ---- | M] () -- C:\Windows\SysWow64\run.bat
[2010/01/30 00:06:42 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
[2010/01/29 11:26:34 | 000,391,117 | ---- | M] () -- C:\Users\Keeou\Documents\Untitled (7).wma
[2010/01/29 11:25:53 | 000,175,597 | ---- | M] () -- C:\Users\Keeou\Documents\Untitled (6).wma
[2010/01/28 17:20:37 | 001,527,087 | ---- | M] () -- C:\Users\Keeou\Documents\Untitled (5).wma
[2010/01/28 17:16:59 | 000,876,037 | ---- | M] () -- C:\Users\Keeou\Documents\Untitled (4).wma
[2010/01/28 17:14:41 | 000,269,887 | ---- | M] () -- C:\Users\Keeou\Documents\Untitled (3).wma
[2010/01/28 17:14:17 | 000,045,387 | ---- | M] () -- C:\Users\Keeou\Documents\Untitled (2).wma
[2010/01/28 17:14:07 | 000,103,757 | ---- | M] () -- C:\Users\Keeou\Documents\Untitled.wma
[2010/01/28 07:33:34 | 000,114,176 | ---- | M] () -- C:\Windows\SysNative\drivers\AtiHdmi.sys
[2010/01/26 14:09:26 | 000,260,872 | ---- | M] () -- C:\Windows\SysNative\PDBoot.exe
[2010/01/22 10:24:36 | 000,064,000 | ---- | M] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_sfighters_launching.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Keeou\Desktop\*.tmp files -> C:\Users\Keeou\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/20 23:09:36 | 000,012,286 | ---- | C] () -- C:\Users\Keeou\Documents\hard terms.docx
[2010/04/20 01:43:38 | 000,108,430 | ---- | C] () -- C:\Users\Keeou\Desktop\zombieevfull.jpg
[2010/04/19 18:56:57 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/19 18:56:53 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/19 18:43:28 | 2144,854,015 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/19 17:59:45 | 000,060,672 | ---- | C] () -- C:\Users\Keeou\AppData\Local\syssvc.exe
[2010/04/18 02:51:27 | 000,011,515 | ---- | C] () -- C:\Users\Keeou\Documents\Term Test.docx
[2010/04/17 13:44:32 | 000,037,822 | ---- | C] () -- C:\Users\Keeou\Desktop\restaurant.bin
[2010/04/17 13:44:32 | 000,016,881 | ---- | C] () -- C:\Users\Keeou\Desktop\front.bin
[2010/04/14 18:28:56 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\eehudgh.dll
[2010/04/10 21:01:38 | 000,000,034 | ---- | C] () -- C:\Windows\NPinfotl.INI
[2010/04/06 17:41:50 | 000,000,752 | ---- | C] () -- C:\Users\Keeou\Desktop\Ventrilo.lnk
[2010/04/06 17:41:48 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/03/31 11:57:36 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/30 10:50:26 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon® 3.lnk
[2010/03/30 10:49:58 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/03/24 11:42:51 | 000,000,162 | -H-- | C] () -- C:\Users\Keeou\Desktop\~$w Microsoft Office Word Document (2).docx
[2010/03/24 03:38:33 | 000,010,645 | ---- | C] () -- C:\Users\Keeou\Documents\Apposition.docx
[2010/03/16 11:29:01 | 000,001,657 | ---- | C] () -- C:\Users\Public\Desktop\Fantasy Earth Zero.lnk
[2010/03/16 02:55:07 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2010/03/16 02:51:29 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2010/03/16 02:51:28 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2010/03/16 02:51:28 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2010/03/16 02:47:52 | 013,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2010/03/16 02:47:52 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2010/03/16 02:47:47 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2010/03/16 02:47:12 | 009,238,016 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/03/16 02:47:11 | 012,462,592 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/03/16 02:47:09 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/03/16 02:47:09 | 001,483,776 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/03/16 02:47:09 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/03/16 02:47:08 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/03/16 02:47:08 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/03/16 02:47:08 | 000,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/03/16 02:47:08 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/03/16 02:47:08 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/03/16 02:47:08 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/03/16 02:47:08 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/03/16 02:47:08 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/03/16 02:47:08 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/03/16 02:47:08 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/03/16 02:47:08 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/03/16 02:47:08 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/03/16 02:47:08 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/03/16 02:47:08 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/03/16 02:47:08 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/03/16 02:47:01 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/03/16 02:46:45 | 001,418,840 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/03/16 02:46:41 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/03/16 02:46:40 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
[2010/03/16 02:46:40 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
[2010/03/16 02:46:40 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
[2010/03/16 02:46:40 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
[2010/03/16 02:46:40 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
[2010/03/16 02:46:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
[2010/03/16 02:46:38 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2010/03/16 02:46:38 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2010/03/16 02:46:37 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2010/03/16 02:45:46 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/03/16 02:45:46 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/03/16 02:45:42 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/03/16 02:45:42 | 001,794,560 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
[2010/03/16 02:45:37 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/03/16 02:45:32 | 000,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2010/03/16 02:45:27 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2010/03/16 02:45:24 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2010/03/16 02:45:23 | 000,273,408 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/03/16 02:45:23 | 000,134,656 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/03/16 02:43:45 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2010/03/16 02:43:44 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2010/03/16 02:43:37 | 000,464,384 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/03/16 02:43:37 | 000,141,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2010/03/16 02:42:53 | 004,691,032 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/03/06 21:44:00 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010/03/02 21:23:10 | 006,402,560 | ---- | C] () -- C:\Windows\SysNative\drivers\atipmdag.sys
[2010/03/02 21:23:10 | 006,402,560 | ---- | C] () -- C:\Windows\SysNative\drivers\atikmdag.sys
[2010/03/02 21:16:42 | 000,033,616 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/03/02 21:16:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.exe
[2010/03/02 21:15:30 | 000,497,152 | ---- | C] () -- C:\Windows\SysNative\aticfx64.dll
[2010/03/02 21:13:04 | 000,446,464 | ---- | C] () -- C:\Windows\SysNative\ATIDEMGX.dll
[2010/03/02 21:12:52 | 000,450,560 | ---- | C] () -- C:\Windows\SysNative\atieclxx.exe
[2010/03/02 21:12:12 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\atiesrxx.exe
[2010/03/02 21:10:34 | 000,120,320 | ---- | C] () -- C:\Windows\SysNative\atitmm64.dll
[2010/03/02 21:10:12 | 000,420,864 | ---- | C] () -- C:\Windows\SysNative\atipdl64.dll
[2010/03/02 21:09:40 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\atimuixx.dll
[2010/03/02 21:09:34 | 000,059,392 | ---- | C] () -- C:\Windows\SysNative\atiedu64.dll
[2010/03/02 21:04:46 | 018,798,080 | ---- | C] () -- C:\Windows\SysNative\atio6axx.dll
[2010/03/02 20:57:00 | 003,800,576 | ---- | C] () -- C:\Windows\SysNative\atidxx64.dll
[2010/03/02 20:32:06 | 002,716,160 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.dll
[2010/03/02 20:29:44 | 000,511,072 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/03/02 20:24:00 | 000,511,072 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/03/02 20:20:22 | 000,043,008 | ---- | C] () -- C:\Windows\SysNative\aticalrt64.dll
[2010/03/02 20:20:10 | 000,039,936 | ---- | C] () -- C:\Windows\SysNative\aticalcl64.dll
[2010/03/02 20:19:56 | 004,781,568 | ---- | C] () -- C:\Windows\SysNative\aticaldd64.dll
[2010/03/02 20:08:50 | 000,053,248 | ---- | C] () -- C:\Windows\SysNative\atimpc64.dll
[2010/03/02 20:08:50 | 000,053,248 | ---- | C] () -- C:\Windows\SysNative\amdpcom64.dll
[2010/03/02 20:08:14 | 000,330,752 | ---- | C] () -- C:\Windows\SysNative\atiadlxx.dll
[2010/03/02 20:07:54 | 000,014,848 | ---- | C] () -- C:\Windows\SysNative\atig6pxx.dll
[2010/03/02 20:07:48 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\atiglpxx.dll
[2010/03/02 20:07:44 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\atig6txx.dll
[2010/03/02 20:07:32 | 000,188,928 | ---- | C] () -- C:\Windows\SysNative\drivers\atikmpag.sys
[2010/03/02 20:06:50 | 000,036,352 | ---- | C] () -- C:\Windows\SysNative\atiuxp64.dll
[2010/03/02 20:05:42 | 000,053,248 | ---- | C] () -- C:\Windows\SysNative\drivers\ati2erec.dll
[2010/03/02 13:57:10 | 000,020,692 | ---- | C] () -- C:\Windows\atiogl.xml
[2010/02/25 16:43:19 | 000,531,073 | ---- | C] () -- C:\Windows\SysWow64\patcher.jar
[2010/02/25 16:43:19 | 000,000,021 | ---- | C] () -- C:\Windows\SysWow64\run.bat
[2010/02/25 12:55:46 | 000,201,875 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2010/02/23 09:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/02/23 09:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2010/02/17 21:05:12 | 000,530,776 | ---- | C] () -- C:\Windows\SysNative\XAudio2_6.dll
[2010/02/17 21:05:12 | 000,078,680 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/02/17 21:05:10 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_6.dll
[2010/02/17 21:05:10 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/02/12 12:01:24 | 000,119,584 | ---- | C] () -- C:\Windows\SysNative\dns-sd.exe
[2010/02/12 12:01:24 | 000,095,520 | ---- | C] () -- C:\Windows\SysNative\dnssd.dll
[2010/01/30 00:12:35 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
[2010/01/30 00:06:42 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\BitComet.lnk
[2010/01/29 11:26:33 | 000,391,117 | ---- | C] () -- C:\Users\Keeou\Documents\Untitled (7).wma
[2010/01/29 11:25:53 | 000,175,597 | ---- | C] () -- C:\Users\Keeou\Documents\Untitled (6).wma
[2010/01/28 17:20:37 | 001,527,087 | ---- | C] () -- C:\Users\Keeou\Documents\Untitled (5).wma
[2010/01/28 17:16:59 | 000,876,037 | ---- | C] () -- C:\Users\Keeou\Documents\Untitled (4).wma
[2010/01/28 17:14:41 | 000,269,887 | ---- | C] () -- C:\Users\Keeou\Documents\Untitled (3).wma
[2010/01/28 17:14:17 | 000,045,387 | ---- | C] () -- C:\Users\Keeou\Documents\Untitled (2).wma
[2010/01/28 17:14:07 | 000,103,757 | ---- | C] () -- C:\Users\Keeou\Documents\Untitled.wma
[2010/01/28 07:33:34 | 000,114,176 | ---- | C] () -- C:\Windows\SysNative\drivers\AtiHdmi.sys
[2010/01/26 14:09:26 | 000,260,872 | ---- | C] () -- C:\Windows\SysNative\PDBoot.exe
[2009/12/10 01:02:27 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\vvprotect.sys
[2009/12/04 19:55:13 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2009/09/30 22:45:20 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\hikpl.dll
[2009/09/27 20:21:59 | 000,016,596 | ---- | C] () -- C:\Windows\MSTMON_Y.INI
[2009/09/27 20:21:59 | 000,012,244 | ---- | C] () -- C:\Windows\MSUMLT_Y.INI
[2009/07/26 21:00:30 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\kbj.dll
[2009/07/26 20:59:54 | 000,066,048 | ---- | C] () -- C:\Windows\QMDispatch.dll
[2009/07/04 11:21:25 | 000,704,314 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/02 01:06:33 | 000,000,322 | ---- | C] () -- C:\Windows\WPE PRO.INI
[2009/07/01 01:01:36 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2009/06/23 16:22:13 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2009/06/23 15:26:32 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/06/23 15:23:54 | 000,155,136 | ---- | C] () -- C:\Windows\unrar.dll
[2009/06/21 16:55:10 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2009/06/21 16:32:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/06/11 23:18:01 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/06/09 21:12:55 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll
[2009/06/09 21:12:55 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\JJAKEn.dll
[2008/11/21 11:49:03 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/11/21 11:48:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/03/30 10:51:31 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Atari
[2010/03/30 13:28:43 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\BitComet
[2009/12/16 21:37:01 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Charles
[2009/06/09 19:20:15 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\FlashGet
[2010/03/30 10:49:59 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Leadertech
[2009/06/10 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\NanoTone
[2009/12/28 18:36:34 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\NeopleLauncherDFO
[2009/07/23 19:29:25 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\netmarble
[2009/06/22 12:06:09 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\PingTesterDataBas
[2009/06/23 16:23:45 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Tencent
[2010/03/06 22:57:33 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\TS3Client
[2010/03/05 02:42:45 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\VBA-M
[2009/11/08 17:18:48 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Vso
[2010/04/21 18:34:57 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/04/22 00:08:03 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{40005009-1EEE-476C-855F-CC7A5A1E1F4B}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2009/02/23 16:48:22 | 002,072,576 | ---- | M] () -- C:\dk2.exe
[2007/09/12 14:25:48 | 001,676,424 | ---- | M] () -- C:\dk2_2273.exe

< MD5 for: AGP440.SYS >
[2008/11/21 11:39:48 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/11/21 11:39:47 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/11/21 11:40:21 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/11/21 11:51:34 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2008/11/21 11:45:20 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/11/21 11:45:20 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/11/21 11:45:20 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006/11/02 04:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/11/21 11:40:01 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/11/21 11:49:58 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/11/21 11:49:58 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/11/21 11:49:58 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006/11/02 04:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008/11/21 11:48:27 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Files - Unicode (All) ==========
[2010/04/14 18:27:34 | 000,000,000 | ---D | M](C:\Program Files (x86)\????) -- C:\Program Files (x86)\按鍵精靈
[2010/03/16 21:12:24 | 000,001,778 | ---- | M] ()(C:\Users\Keeou\Desktop\????.lnk) -- C:\Users\Keeou\Desktop\千千静听.lnk
[2009/07/26 20:59:36 | 000,000,761 | ---- | M] ()(C:\Users\Keeou\Desktop\????.lnk) -- C:\Users\Keeou\Desktop\按鍵精靈.lnk
[2009/07/26 20:59:36 | 000,000,761 | ---- | C] ()(C:\Users\Keeou\Desktop\????.lnk) -- C:\Users\Keeou\Desktop\按鍵精靈.lnk
[2009/07/19 01:11:09 | 000,000,000 | ---D | M](C:\Users\Keeou\Documents\?? ???) -- C:\Users\Keeou\Documents\喀蝦 楝斜
[2009/07/19 01:11:09 | 000,000,000 | ---D | C](C:\Users\Keeou\Documents\?? ???) -- C:\Users\Keeou\Documents\喀蝦 楝斜
[2009/07/14 15:16:44 | 000,000,000 | ---D | M](C:\Program Files (x86)\?????) -- C:\Program Files (x86)\魅力無雙二
[2009/06/28 16:03:40 | 000,452,608 | ---- | C] (完美炼狱之新形象)(C:\???????????.exe) -- C:\完美炼狱之新形象登录器.exe
[2009/06/28 16:03:40 | 000,001,346 | ---- | C] ()(C:\????.bat) -- C:\升级补丁.bat
[2009/06/28 16:03:40 | 000,000,930 | ---- | C] ()(C:\????????????.bat) -- C:\手动覆盖后运行此注册文件.bat
[2009/06/18 12:54:48 | 000,001,346 | ---- | M] ()(C:\Users\Keeou\????.bat) -- C:\Users\Keeou\升级补丁.bat
[2009/06/18 12:54:48 | 000,001,346 | ---- | M] ()(C:\????.bat) -- C:\升级补丁.bat
[2009/06/18 00:02:08 | 000,452,608 | ---- | M] (完美炼狱之新形象)(C:\Users\Keeou\???????????.exe) -- C:\Users\Keeou\完美炼狱之新形象登录器.exe
[2009/06/18 00:02:08 | 000,452,608 | ---- | M] (完美炼狱之新形象)(C:\???????????.exe) -- C:\完美炼狱之新形象登录器.exe
[2009/06/12 20:45:08 | 000,001,778 | ---- | C] ()(C:\Users\Keeou\Desktop\????.lnk) -- C:\Users\Keeou\Desktop\千千静听.lnk
[2009/06/04 09:04:54 | 000,000,930 | ---- | M] ()(C:\Users\Keeou\????????????.bat) -- C:\Users\Keeou\手动覆盖后运行此注册文件.bat
[2009/06/04 09:04:54 | 000,000,930 | ---- | M] ()(C:\????????????.bat) -- C:\手动覆盖后运行此注册文件.bat
(C:\Program Files (x86)\?????) -- C:\Program Files (x86)\魅力無雙二
(C:\Program Files (x86)\????) -- C:\Program Files (x86)\按鍵精靈

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP06A4C76
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BEB15613
< End of report >

popvictor · 2010/04/22

Extras

OTL Extras logfile created on: 4/22/2010 12:31:44 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\Keeou\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.10 Gb Total Space | 95.14 Gb Free Space | 33.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 183.65 Gb Total Space | 181.69 Gb Free Space | 98.93% Space Free | Partition Type: NTFS

Computer Name: KEEOU-PC
Current User Name: Keeou
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.txt[@ = txtfile] -- C:\Windows\notepad.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\notepad.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\Windows\notepad.exe %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\Windows\notepad.exe %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9A 58 7D C7 5D E9 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A60C409-7EEA-4127-9BAE-1F1549E419F8}" = lport=9870 | protocol=6 | dir=in | name=bitcomet 9870 tcp |
"{21D39DA1-0117-412E-8F20-4729212DB9D6}" = lport=9870 | protocol=17 | dir=in | name=bitcomet 9870 udp |
"{48C93FC8-B008-43E6-904E-2699925D632F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{899FBD0E-FCD9-48B6-B078-EF580F4922DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8BA4E9F7-C4C6-4E58-AC1D-EB3B90CB0B76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CAE390A9-89EE-4500-A696-110B9DDA44B3}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{040F8974-9EDF-4023-A8A6-E89CBB7C4032}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{10D53BFB-8C87-4FFE-B067-7107A06374D4}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{1510E681-E8CB-4E5A-86CA-3D4E648263C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{16D516EA-5CAE-4E22-A942-102A54D12705}" = protocol=6 | dir=in | app=c:\windows\asam.exe |
"{31740EE8-2281-464A-92BC-5641D0568E2B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{350EDBFF-4910-4F27-827A-A78AC66ABC3B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\popvictor\counter-strike source\hl2.exe |
"{379C1C43-270E-4C42-BD12-F3BEE869B98F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{45BBF258-B2E6-42AB-A29F-DBC63862D46A}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{5326747A-A4C7-45DD-BB1E-3989AE1F3349}" = protocol=6 | dir=in | app=c:\nexon\poptag\ca.exe |
"{60090589-D9B7-4C0C-8CD8-DC8F8AE42DF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{624694BD-AF25-4E62-9CAE-B4256CA57E0D}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{6A1AF6D2-C376-4A5D-999C-48536213EFC0}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{764889A4-005A-4DA6-8731-C9993128CF18}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{79FA1CA3-438B-4B13-A019-AD59B275922C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{86C76F82-0BFF-4E41-8A67-50B7BF4BBD8B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8E7B5E0C-A774-4464-8254-788D3A749FAC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{906456FC-644F-4D97-A2E5-E457988904A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{9C8339A8-91E1-4276-A1D6-7C733BAC4F7E}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{A124F26D-91CE-4131-A00C-C9B0CB4EE996}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{A163BBA9-C002-4585-B60A-BC04431C68DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{A486112A-D556-451B-BC0A-E04EC5F79A07}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{A829E9AB-4764-437B-88F8-BD73F684518E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{ABE8E807-795B-4412-8334-26362E4CE005}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{B0B422DC-44BE-44DC-AEC9-37B5CCF0BDCB}" = protocol=17 | dir=in | app=c:\nexon\poptag\ca.exe |
"{B6DD65DC-7881-4868-AFA1-DD2BD4F4013B}" = protocol=17 | dir=in | app=c:\windows\asam.exe |
"{B85B292B-09B5-49E7-9F07-E0E03F7E49A5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C038BC93-A664-4887-8251-78FBFFC367C0}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C4A64CF5-A0E4-45B4-8F9C-16CB3180BE1E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{C6B85CF9-91C7-4E94-9BF7-629257580349}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DA015F04-8313-4263-9BD2-8EE5458A2DAF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{DE08871F-FF1F-44C0-9C7C-4048A21B969C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E1193750-F998-45F2-9A8B-B2060CE11F8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\popvictor\counter-strike source\hl2.exe |
"{E3248FEE-A80A-479D-A7B1-72DA193B9A3F}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{E8702E43-E7F2-435F-8FE9-6C49D4D2A6FA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EBEACCA7-7196-4720-A654-F7C24A0B72C9}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{EEF47070-FAC8-4BDE-AEE1-80954DADABEC}" = protocol=17 | dir=in | app=c:\nexon\poptag\nmcosrv.exe |
"{EF1D7F48-D820-4F7A-A094-EC94E4771F4D}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F5B66D37-7659-4E1E-9D51-AEBB20B42878}" = protocol=6 | dir=in | app=c:\nexon\poptag\nmcosrv.exe |
"{F7ABABA7-13CC-4ED0-8C7B-C44C3B308342}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{FDAFAA61-C6EE-401C-AF4E-35F3F09B786F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"TCP Query User{2CDFD1C3-9B74-4602-9C0C-E508148C4189}C:\farmhelper\fvbot.exe" = protocol=6 | dir=in | app=c:\farmhelper\fvbot.exe |
"TCP Query User{453CDAAD-830D-4EA6-998A-298FCCFCB99D}C:\program files (x86)\charles\charles.exe" = protocol=6 | dir=in | app=c:\program files (x86)\charles\charles.exe |
"TCP Query User{5F8809D7-F3D9-410D-8AC1-980EF6869BB2}C:\farmhelper\bot.exe" = protocol=6 | dir=in | app=c:\farmhelper\bot.exe |
"TCP Query User{6F0B77D2-5DEC-4026-A7A3-D7B295A34448}C:\program files (x86)\ttplayer\ttplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ttplayer\ttplayer.exe |
"TCP Query User{76E2B79B-E50D-4540-9410-2891D13D6014}C:\program files (x86)\steam\steamapps\popvictor\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\popvictor\team fortress 2\hl2.exe |
"TCP Query User{9B1165CE-6E3D-4E62-844F-21E8187102EA}C:\program files (x86)\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
"TCP Query User{A845AD4F-CA71-401A-82DE-70A713FE5CE8}C:\users\keeou\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\keeou\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{B5085532-34F6-4969-8673-0344E6621D8B}C:\cafeworldbot\cwbot.exe" = protocol=6 | dir=in | app=c:\cafeworldbot\cwbot.exe |
"TCP Query User{C4DB5876-DB4D-47B5-B823-2BFAF3F46BC2}C:\program files (x86)\dklegend\dklegend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dklegend\dklegend.exe |
"TCP Query User{D9CEF553-2732-4F26-B41D-2AC873EBCBD5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{DCF90E1D-6B12-4B05-AB24-38F51F734979}C:\nexon\dfo\dfo.exe" = protocol=6 | dir=in | app=c:\nexon\dfo\dfo.exe |
"UDP Query User{02DECD1A-F39A-4B4E-ACB6-F3DFB7BF013A}C:\users\keeou\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\keeou\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{62F0E8E6-41F9-46CF-8968-307AB7F24264}C:\program files (x86)\ttplayer\ttplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ttplayer\ttplayer.exe |
"UDP Query User{6FEA4505-CC71-495F-956F-9763C194B708}C:\nexon\dfo\dfo.exe" = protocol=17 | dir=in | app=c:\nexon\dfo\dfo.exe |
"UDP Query User{77A3E203-027A-435D-848E-E9BA058598E6}C:\program files (x86)\steam\steamapps\popvictor\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\popvictor\team fortress 2\hl2.exe |
"UDP Query User{9B4F442A-AA35-4546-82A3-CE9CB8F984F1}C:\farmhelper\fvbot.exe" = protocol=17 | dir=in | app=c:\farmhelper\fvbot.exe |
"UDP Query User{9BD68A2E-6D19-4248-96B4-E93C9DF6E343}C:\program files (x86)\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
"UDP Query User{C37C1711-DAF3-41DF-95DC-1B4C772074C6}C:\farmhelper\bot.exe" = protocol=17 | dir=in | app=c:\farmhelper\bot.exe |
"UDP Query User{CD777B39-5E63-45BF-8AE5-041306D14547}C:\cafeworldbot\cwbot.exe" = protocol=17 | dir=in | app=c:\cafeworldbot\cwbot.exe |
"UDP Query User{E6FA5B42-7095-43CA-84DA-752CC4C475E0}C:\program files (x86)\charles\charles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\charles\charles.exe |
"UDP Query User{F845AA48-C577-4143-8FEE-B0CAE8DB0375}C:\program files (x86)\dklegend\dklegend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dklegend\dklegend.exe |
"UDP Query User{FC4B00A8-2B06-4D8F-960A-CB04F5F726C7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"KONICA MINOLTA PagePro 1400W" = KONICA MINOLTA PagePro 1400W
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition
"WinRAR archiver" = WinRAR 壓縮工具

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1" = Driver Sweeper 1.5.5
"{0C171CF9-E6CB-427F-B1E8-55637C603586}_is1" = FarmHelper
"{160B3255-2B39-4E0A-90C5-711AE4CCDE0B}" = Netmarble Fiefox Plugin Updater Installer
"{188CEE76-0503-4910-A845-E1DC45685DA0}" = RangeBooster G WUA-2340
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C564A58-BD28-4926-95E1-EC7812FCA44F}" = Gigabyte Wireless LAN Card
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.1124.1
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5F64E152-51C1-47B4-BEA8-007D73C7460F}" = Cisco AnyConnect VPN Client
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.11.172
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.03
"{B7A9964C-A9A7-4714-B494-50067238876E}" = Fantasy Earth Zero
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEEA919B-ADCA-4EBB-BB40-6D6CD21258C5}_is1" = FarmHelper
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B08.0908.01
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink RT6x Wireless LAN Card
"Ad-Aware" = Ad-Aware
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = AI RoboForm (All Users)
"BitComet" = BitComet 1.18
"Charles_XK72" = Charles
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DFO" = DFOLauncher
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fiddler2" = Fiddler2
"FlashGet" = FlashGet 1.9.6.1073
"Google Updater" = Google Updater
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.1124.1
"InstallShield_{B7A9964C-A9A7-4714-B494-50067238876E}" = Fantasy Earth Zero
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Online Video Hunter Professional_is1" = Online Video Hunter Professional v 2.1.0.2
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Quick Macro_is1" = Quick Macro v6.20
"RealAlt_is1" = Real Alternative 1.9.0
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 215" = Source SDK Base
"Steam App 240" = Counter-Strike: Source
"Steam App 440" = Team Fortress 2
"TTPlayer" = 千千静听 5.6正式版
"Vista Anti-Lag" = Vista Anti-Lag 1.1.1
"VTFEdit_is1" = VTFEdit 1.2.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"YInstHelper" = Yahoo! Install Manager
"按鍵精靈_is1" = 按鍵精靈 6.00 正式版

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

broni · 2010/04/22

You never answered:

What is your AV program, because I can't see any running?
Click to expand...

I can't read Chinese, so let me know, if you're familiar with these:

[2010/04/14 18:27:34 | 000,000,000 | ---D | M](C:\Program Files (x86)\????) -- C:\Program Files (x86)\按鍵精靈
[2010/03/16 21:12:24 | 000,001,778 | ---- | M] ()(C:\Users\Keeou\Desktop\????.lnk) -- C:\Users\Keeou\Desktop\千千静听.lnk
[2009/07/26 20:59:36 | 000,000,761 | ---- | M] ()(C:\Users\Keeou\Desktop\????.lnk) -- C:\Users\Keeou\Desktop\按鍵精靈.lnk
[2009/07/26 20:59:36 | 000,000,761 | ---- | C] ()(C:\Users\Keeou\Desktop\????.lnk) -- C:\Users\Keeou\Desktop\按鍵精靈.lnk
[2009/07/19 01:11:09 | 000,000,000 | ---D | M](C:\Users\Keeou\Documents\?? ???) -- C:\Users\Keeou\Documents\喀蝦 楝斜
[2009/07/19 01:11:09 | 000,000,000 | ---D | C](C:\Users\Keeou\Documents\?? ???) -- C:\Users\Keeou\Documents\喀蝦 楝斜
[2009/07/14 15:16:44 | 000,000,000 | ---D | M](C:\Program Files (x86)\?????) -- C:\Program Files (x86)\魅力無雙二
[2009/06/28 16:03:40 | 000,452,608 | ---- | C] (完美炼狱之新形象)(C:\???????????.exe) -- C:\完美炼狱之新形象登录器.exe
[2009/06/28 16:03:40 | 000,001,346 | ---- | C] ()(C:\????.bat) -- C:\升级补丁.bat
[2009/06/28 16:03:40 | 000,000,930 | ---- | C] ()(C:\????????????.bat) -- C:\手动覆盖后运行此注册文件.bat
[2009/06/18 12:54:48 | 000,001,346 | ---- | M] ()(C:\Users\Keeou\????.bat) -- C:\Users\Keeou\升级补丁.bat
[2009/06/18 12:54:48 | 000,001,346 | ---- | M] ()(C:\????.bat) -- C:\升级补丁.bat
[2009/06/18 00:02:08 | 000,452,608 | ---- | M] (完美炼狱之新形象)(C:\Users\Keeou\???????????.exe) -- C:\Users\Keeou\完美炼狱之新形象登录器.exe
[2009/06/18 00:02:08 | 000,452,608 | ---- | M] (完美炼狱之新形象)(C:\???????????.exe) -- C:\完美炼狱之新形象登录器.exe
[2009/06/12 20:45:08 | 000,001,778 | ---- | C] ()(C:\Users\Keeou\Desktop\????.lnk) -- C:\Users\Keeou\Desktop\千千静听.lnk
[2009/06/04 09:04:54 | 000,000,930 | ---- | M] ()(C:\Users\Keeou\????????????.bat) -- C:\Users\Keeou\手动覆盖后运行此注册文件.bat
[2009/06/04 09:04:54 | 000,000,930 | ---- | M] ()(C:\????????????.bat) -- C:\手动覆盖后运行此注册文件.bat
(C:\Program Files (x86)\?????) -- C:\Program Files (x86)\魅力無雙二
(C:\Program Files (x86)\????) -- C:\Program Files (x86)\按鍵精靈
Click to expand...

=================================================================

Run OTL
Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following
Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5555;
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab  (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
[2010/04/19 17:59:45 | 000,060,672 | ---- | C] () -- C:\Users\Keeou\AppData\Local\syssvc.exe
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:D06A4C76
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BEB15613


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[resethosts]
[Reboot]
Then click the [color= "#FF0000"]Run Fix[/color] button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

popvictor · 2010/04/23

Oh hi sorry I forgot to reply to that question..
I use adaware, just that, I believe that's not even a anti-virus program but I keep it on all time.

As for the Chinese files, yep I know what they are.

OTL First Scan
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ deleted successfully.
File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ deleted successfully.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ deleted successfully.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
C:\Users\Keeou\AppData\Local\syssvc.exe moved successfully.
ADS C:\ProgramData\TEMP06A4C76 deleted successfully.
ADS C:\ProgramData\TEMP:BEB15613 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Keeou
->Temp folder emptied: 2863540866 bytes
->Temporary Internet Files folder emptied: 31612195 bytes
->Java cache emptied: 131031843 bytes
->FireFox cache emptied: 62763350 bytes
->Google Chrome cache emptied: 394143593 bytes
->Flash cache emptied: 127106 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 87328210 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,405.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.2.0 log created on 04232010_192110

Files\Folders moved on Reboot...
C:\Users\Keeou\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VOHVFLRH\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CAY0LJC0\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AD1F3MXD\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4E16F280\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

popvictor · 2010/04/23

OTL Second Scan Part 1

OTL logfile created on: 4/23/2010 7:25:14 PM - Run 2
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\Keeou\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
12.00 Gb Paging File | 11.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.10 Gb Total Space | 105.55 Gb Free Space | 37.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 183.65 Gb Total Space | 181.69 Gb Free Space | 98.93% Space Free | Partition Type: NTFS

Computer Name: KEEOU-PC
Current User Name: Keeou
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/22 00:30:55 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Keeou\Downloads\OTL.exe
PRC - [2010/04/06 17:30:17 | 001,265,264 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/05 19:04:31 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 17:30:16 | 000,818,256 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/17 21:39:13 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/02/04 08:52:58 | 000,735,008 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe
PRC - [2009/08/14 20:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009/08/14 20:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009/08/14 20:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/05 22:33:55 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/06/17 13:17:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/09/23 22:45:00 | 001,667,072 | ---- | M] (D-Link) -- C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
PRC - [2007/04/10 12:24:26 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Vista Anti-Lag\val.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe

========== Modules (SafeList) ==========

MOD - [2010/04/22 00:30:55 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Keeou\Downloads\OTL.exe
MOD - [2008/11/21 11:48:59 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/11/21 11:44:16 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/02 21:12:12 | 000,202,752 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/26 14:09:16 | 001,486,088 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2010/01/26 14:09:14 | 001,503,496 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2009/03/30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2008/11/21 11:54:47 | 000,252,928 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2008/11/21 11:54:00 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2008/11/21 11:52:12 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/11/21 11:44:01 | 000,689,152 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV:64bit: - [2008/11/21 11:42:34 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/11/21 11:42:24 | 001,147,904 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV - [2010/04/06 17:30:17 | 001,265,264 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/06 01:15:38 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/08/14 20:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/08/14 20:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009/08/14 20:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/07/05 22:33:55 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/06/17 13:17:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/05/06 13:50:00 | 002,756,910 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2008/12/01 11:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/07/27 11:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/05/19 03:36:40 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe -- (jswpsapi)
SRV - [2006/11/02 06:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 23:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 23:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/02 21:23:10 | 006,402,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/03/02 21:23:10 | 006,402,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/02 20:07:32 | 000,188,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/04 08:53:02 | 000,069,152 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/01/28 07:33:34 | 000,114,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/20 11:11:38 | 000,101,904 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2009/08/14 20:21:00 | 000,076,336 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009/08/14 20:20:54 | 000,038,448 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009/08/14 20:20:48 | 000,030,256 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009/08/14 20:20:44 | 000,065,072 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009/08/14 20:20:44 | 000,029,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2009/08/14 13:40:04 | 000,038,960 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009/08/14 13:40:04 | 000,037,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2009/08/14 13:40:04 | 000,020,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009/06/17 13:02:03 | 000,024,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/11/26 21:51:18 | 000,390,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr6164.sys -- (rt61x64)
DRV:64bit: - [2008/11/21 11:54:21 | 000,161,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\fvevol.sys -- (fvevol)
DRV:64bit: - [2008/11/21 11:53:59 | 000,460,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2008/11/21 11:42:20 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/09/17 14:14:00 | 000,012,744 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/08/07 02:08:46 | 001,077,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AGUx64.sys -- (A5AGU)
DRV:64bit: - [2008/05/15 03:28:52 | 000,026,624 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007/09/12 11:55:38 | 000,082,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2006/11/01 22:28:10 | 000,273,920 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/02 19:13:44 | 000,051,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV - [2009/12/10 02:14:07 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\vvprotect.sys -- (VVProtect)
DRV - [2009/09/18 01:37:44 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/09/18 01:37:36 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/06/09 16:53:26 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/12/01 11:46:58 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2006/09/18 14:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 14:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2004/12/30 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: "127.0.0.1 "
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: " "
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: " "
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: "127.0.0.1 "
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1 "
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: " "
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: " "
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1 "
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.18
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.8.2
FF - prefs.js..extensions.enabledItems: reader_plugin@ebrary.com:3.2.3.0
FF - prefs.js..network.proxy.http: "127.0.0.1 "
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: " "
FF - prefs.js..network.proxy.ssl: "127.0.0.1 "
FF - prefs.js..network.proxy.ssl_port: 8888

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2009/12/31 22:20:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/03/27 13:21:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/05 19:04:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/09 11:53:15 | 000,000,000 | ---D | M]

[2009/06/09 17:19:33 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Mozilla\Extensions
[2010/04/21 15:29:44 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Mozilla\Firefox\Profiles\skfqqcaj.default\extensions
[2009/12/16 21:12:58 | 000,000,000 | ---D | M] (Charles Autoconfiguration) -- C:\Users\Keeou\AppData\Roaming\Mozilla\Firefox\Profiles\skfqqcaj.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
[2010/01/30 00:06:43 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Keeou\AppData\Roaming\Mozilla\Firefox\Profiles\skfqqcaj.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/12/17 14:37:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Keeou\AppData\Roaming\Mozilla\Firefox\Profiles\skfqqcaj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/05 21:44:56 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Mozilla\Firefox\Profiles\skfqqcaj.default\extensions\battlefieldheroespatcher@ea.com
[2010/04/10 21:01:31 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Mozilla\Firefox\Profiles\skfqqcaj.default\extensions\reader_plugin@ebrary.com
[2010/04/21 15:29:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/07/17 01:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/04/20 17:00:34 | 000,049,152 | ---- | M] (Netmarble) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npGlbNMFFUpdater.dll
[2009/07/09 13:33:28 | 000,106,496 | ---- | M] (CJInternet Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npGlbNMNetmarbleDownload.dll
[2009/01/07 11:51:26 | 000,095,784 | ---- | M] (CJ Internet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npGlbNMStarter.dll
[2009/05/21 16:31:30 | 000,153,072 | ---- | M] (CJ Internet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npGlbNMSystemInformer.dll
[2009/04/20 17:01:50 | 000,180,343 | ---- | M] (Netmarble) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npGlbNMWebMessengerPlugin.dll
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/02/22 18:45:04 | 000,177,592 | ---- | M] (MGame) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPMFireLauncher.dll
[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2010/04/23 19:22:11 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [KONICA MINOLTA PagePro 1400W STD] C:\Windows\SysNative\MSTMON_Y.EXE ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Keeou\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Keeou\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

popvictor · 2010/04/23

OTL Second Scan Part 2

========== Files/Folders - Created Within 90 Days ==========

[2010/04/23 19:21:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/19 18:57:00 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Roaming\Malwarebytes
[2010/04/19 18:56:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/19 18:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/04/19 18:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/19 18:31:59 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/04/19 18:25:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2010/04/19 17:57:37 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Local\gtsgtuxfd
[2010/04/18 02:36:52 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Desktop\Pet Society Files
[2010/04/06 17:42:01 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Roaming\Ventrilo
[2010/04/06 17:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/04/06 17:41:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/03/31 11:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/31 11:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/31 11:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/03/31 11:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/03/31 11:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/31 11:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/03/30 10:51:31 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Documents\RCT3
[2010/03/30 10:51:31 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Roaming\Atari
[2010/03/30 10:49:59 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Roaming\Leadertech
[2010/03/30 10:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PocketSoft
[2010/03/30 10:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2010/03/29 21:58:52 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Desktop\Roller Coaster Tycoon 3
[2010/03/28 13:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/03/27 13:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fiddler2
[2010/03/25 15:41:28 | 000,710,064 | ---- | C] (NHN USA) -- C:\Windows\SysWow64\ijjiSetup.exe
[2010/03/25 15:41:28 | 000,087,472 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\ijjiChannelingPlugin.dll
[2010/03/25 15:41:28 | 000,061,440 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_atlantica_launching.dll
[2010/03/25 15:41:28 | 000,058,800 | ---- | C] (NHN USA Inc.) -- C:\Windows\SysWow64\ijjiProcessRestarter.exe
[2010/03/25 15:41:28 | 000,058,800 | ---- | C] (NHN USA Corp.) -- C:\Windows\SysWow64\ijjiPlugin2.dll
[2010/03/25 15:41:28 | 000,053,248 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_luminary_launching.dll
[2010/03/25 15:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ijji
[2010/03/25 11:17:05 | 000,000,000 | ---D | C] -- C:\ijji
[2010/03/25 11:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/03/19 10:46:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/16 15:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/03/16 03:13:05 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Desktop\Unclassified
[2010/03/16 03:10:25 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Desktop\DFO stuff
[2010/03/16 01:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh Networks
[2010/03/06 21:44:06 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Roaming\TS3Client
[2010/03/06 21:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2010/03/05 04:16:28 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Desktop\vba link
[2010/03/05 02:42:45 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Roaming\VBA-M
[2010/03/05 02:42:34 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Desktop\VBA
[2010/03/03 02:17:42 | 000,121,856 | ---- | C] (csie.org) -- C:\Users\Keeou\Desktop\piaipRCHack_v1.23.exe
[2010/03/02 21:10:04 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010/03/02 21:09:48 | 000,274,432 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010/03/02 21:09:28 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010/02/27 23:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[2010/02/23 16:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2010/02/23 01:17:36 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Local\Cisco
[2010/02/23 01:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2010/02/23 01:16:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2010/02/22 20:26:00 | 000,147,456 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysWow64\uc_neosteam_launching.dll
[2010/02/17 21:04:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/02/17 21:03:12 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Documents\Sparkplay Media
[2010/02/15 19:48:47 | 000,000,000 | ---D | C] -- C:\CafeWorldBot
[2010/01/30 00:13:45 | 000,000,000 | ---D | C] -- C:\Users\Keeou\Documents\Adobe
[2010/01/30 00:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2010/01/30 00:06:53 | 000,000,000 | ---D | C] -- C:\Users\Keeou\AppData\Roaming\BitComet
[2010/01/30 00:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitComet
[1 C:\Users\Keeou\Desktop\*.tmp files -> C:\Users\Keeou\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/23 19:26:04 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/04/23 19:25:21 | 037,748,736 | -HS- | M] () -- C:\Users\Keeou\NTUSER.DAT
[2010/04/23 19:24:07 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{89F87F6F-82B2-42D3-BF9F-5C2E1A614E45}
[2010/04/23 19:24:02 | 000,000,006 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME{89F87F6F-82B2-42D3-BF9F-5C2E1A614E45}
[2010/04/23 19:23:57 | 000,016,596 | ---- | M] () -- C:\Windows\MSTMON_Y.INI
[2010/04/23 19:23:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/23 19:23:32 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/23 19:23:32 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/23 19:23:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/23 19:23:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/23 19:23:25 | 2144,854,015 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/23 19:22:27 | 000,524,288 | -HS- | M] () -- C:\Users\Keeou\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010/04/23 19:22:27 | 000,065,536 | -HS- | M] () -- C:\Users\Keeou\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010/04/23 19:22:25 | 003,562,647 | -H-- | M] () -- C:\Users\Keeou\AppData\Local\IconCache.db
[2010/04/23 19:05:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-196810349-582042857-520598846-1000UA.job
[2010/04/23 18:44:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/23 10:12:10 | 000,033,280 | ---- | M] () -- C:\Users\Keeou\Desktop\YA.doc
[2010/04/23 02:04:12 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{40005009-1EEE-476C-855F-CC7A5A1E1F4B}.job
[2010/04/22 19:09:18 | 000,083,968 | ---- | M] () -- C:\Users\Keeou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/22 19:09:17 | 366,854,720 | ---- | M] () -- C:\Users\Keeou\Desktop\flashforward.s01e17.hdtv.xvid-2hd.avi
[2010/04/20 23:09:37 | 000,012,286 | ---- | M] () -- C:\Users\Keeou\Documents\hard terms.docx
[2010/04/20 01:43:38 | 000,108,430 | ---- | M] () -- C:\Users\Keeou\Desktop\zombieevfull.jpg
[2010/04/19 18:56:57 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/19 18:22:18 | 000,699,112 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/19 18:22:18 | 000,605,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/19 18:22:18 | 000,107,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/19 05:05:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-196810349-582042857-520598846-1000Core.job
[2010/04/19 00:46:56 | 000,000,034 | ---- | M] () -- C:\Windows\NPinfotl.INI
[2010/04/18 02:51:28 | 000,011,515 | ---- | M] () -- C:\Users\Keeou\Documents\Term Test.docx
[2010/04/16 18:58:00 | 000,016,881 | ---- | M] () -- C:\Users\Keeou\Desktop\front.bin
[2010/04/16 18:55:42 | 000,037,822 | ---- | M] () -- C:\Users\Keeou\Desktop\restaurant.bin
[2010/04/14 18:30:22 | 000,009,728 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/04/14 18:30:13 | 000,000,410 | ---- | M] () -- C:\Windows\win.ini
[2010/04/14 18:29:53 | 000,000,763 | ---- | M] () -- C:\Users\Keeou\Desktop\Quick Macro 6.lnk
[2010/04/14 18:10:27 | 196,303,974 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/10 23:41:34 | 000,002,323 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/04/06 17:41:52 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/04/06 17:41:50 | 000,000,752 | ---- | M] () -- C:\Users\Keeou\Desktop\Ventrilo.lnk
[2010/04/04 18:01:21 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\PerfectDisk 10.lnk
[2010/03/31 23:05:33 | 000,002,042 | ---- | M] () -- C:\Users\Keeou\Desktop\Google Chrome.lnk
[2010/03/31 11:57:36 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/30 10:59:40 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon® 3.lnk
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/26 12:29:45 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
[2010/03/24 11:42:51 | 000,000,162 | -H-- | M] () -- C:\Users\Keeou\Desktop\~$w Microsoft Office Word Document (2).docx
[2010/03/24 03:38:33 | 000,010,645 | ---- | M] () -- C:\Users\Keeou\Documents\Apposition.docx
[2010/03/19 10:48:56 | 000,095,024 | ---- | M] () -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/03/19 10:48:47 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010/03/17 23:25:14 | 000,001,657 | ---- | M] () -- C:\Users\Public\Desktop\Fantasy Earth Zero.lnk
[2010/03/17 11:14:06 | 000,000,525 | ---- | M] () -- C:\Users\Public\Desktop\FarmHelper.lnk
[2010/03/16 21:16:18 | 000,001,174 | ---- | M] () -- C:\Users\Keeou\Desktop\Counter-Strike Source.lnk
[2010/03/16 03:01:23 | 000,100,448 | ---- | M] () -- C:\Users\Keeou\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/16 02:59:27 | 000,384,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/16 02:55:07 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2010/03/15 19:50:08 | 000,000,732 | ---- | M] () -- C:\Users\Keeou\AppData\Local\d3d9caps64.dat
[2010/03/14 23:25:53 | 000,001,356 | ---- | M] () -- C:\Users\Keeou\AppData\Local\d3d9caps.dat
[2010/03/06 21:44:00 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010/03/03 02:17:43 | 000,121,856 | ---- | M] (csie.org) -- C:\Users\Keeou\Desktop\piaipRCHack_v1.23.exe
[2010/03/02 21:23:10 | 006,402,560 | ---- | M] () -- C:\Windows\SysNative\drivers\atipmdag.sys
[2010/03/02 21:23:10 | 006,402,560 | ---- | M] () -- C:\Windows\SysNative\drivers\atikmdag.sys
[2010/03/02 21:16:42 | 000,033,616 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/03/02 21:16:38 | 000,143,360 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.exe
[2010/03/02 21:15:30 | 000,497,152 | ---- | M] () -- C:\Windows\SysNative\aticfx64.dll
[2010/03/02 21:13:04 | 000,446,464 | ---- | M] () -- C:\Windows\SysNative\ATIDEMGX.dll
[2010/03/02 21:12:52 | 000,450,560 | ---- | M] () -- C:\Windows\SysNative\atieclxx.exe
[2010/03/02 21:12:12 | 000,202,752 | ---- | M] () -- C:\Windows\SysNative\atiesrxx.exe
[2010/03/02 21:10:34 | 000,120,320 | ---- | M] () -- C:\Windows\SysNative\atitmm64.dll
[2010/03/02 21:10:12 | 000,420,864 | ---- | M] () -- C:\Windows\SysNative\atipdl64.dll
[2010/03/02 21:10:04 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010/03/02 21:09:48 | 000,274,432 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010/03/02 21:09:40 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\atimuixx.dll
[2010/03/02 21:09:34 | 000,059,392 | ---- | M] () -- C:\Windows\SysNative\atiedu64.dll
[2010/03/02 21:09:28 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010/03/02 21:04:46 | 018,798,080 | ---- | M] () -- C:\Windows\SysNative\atio6axx.dll
[2010/03/02 20:57:00 | 003,800,576 | ---- | M] () -- C:\Windows\SysNative\atidxx64.dll
[2010/03/02 20:39:46 | 004,801,536 | ---- | M] () -- C:\Windows\SysNative\atiumd64.dll
[2010/03/02 20:32:06 | 002,716,160 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.dll
[2010/03/02 20:29:44 | 000,511,072 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/03/02 20:24:00 | 000,511,072 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/03/02 20:23:52 | 000,055,296 | ---- | M] () -- C:\Windows\SysNative\coinst.dll
[2010/03/02 20:20:22 | 000,043,008 | ---- | M] () -- C:\Windows\SysNative\aticalrt64.dll
[2010/03/02 20:20:10 | 000,039,936 | ---- | M] () -- C:\Windows\SysNative\aticalcl64.dll
[2010/03/02 20:19:56 | 004,781,568 | ---- | M] () -- C:\Windows\SysNative\aticaldd64.dll
[2010/03/02 20:08:50 | 000,053,248 | ---- | M] () -- C:\Windows\SysNative\atimpc64.dll
[2010/03/02 20:08:50 | 000,053,248 | ---- | M] () -- C:\Windows\SysNative\amdpcom64.dll
[2010/03/02 20:08:14 | 000,330,752 | ---- | M] () -- C:\Windows\SysNative\atiadlxx.dll
[2010/03/02 20:07:54 | 000,014,848 | ---- | M] () -- C:\Windows\SysNative\atig6pxx.dll
[2010/03/02 20:07:48 | 000,012,800 | ---- | M] () -- C:\Windows\SysNative\atiglpxx.dll
[2010/03/02 20:07:44 | 000,016,896 | ---- | M] () -- C:\Windows\SysNative\atig6txx.dll
[2010/03/02 20:07:32 | 000,188,928 | ---- | M] () -- C:\Windows\SysNative\drivers\atikmpag.sys
[2010/03/02 20:06:50 | 000,036,352 | ---- | M] () -- C:\Windows\SysNative\atiuxp64.dll
[2010/03/02 20:06:34 | 000,028,160 | ---- | M] () -- C:\Windows\SysNative\atiu9p64.dll
[2010/03/02 20:06:06 | 000,026,112 | ---- | M] () -- C:\Windows\SysNative\atitmp64.dll
[2010/03/02 20:05:42 | 000,053,248 | ---- | M] () -- C:\Windows\SysNative\drivers\ati2erec.dll
[2010/03/02 13:57:10 | 000,020,692 | ---- | M] () -- C:\Windows\atiogl.xml
[2010/02/25 12:55:46 | 000,201,875 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
[2010/02/23 09:15:02 | 000,001,105 | ---- | M] () -- C:\Windows\SysWow64\atipblag.dat
[2010/02/23 09:15:02 | 000,001,105 | ---- | M] () -- C:\Windows\SysNative\atipblag.dat
[2010/02/22 20:26:00 | 000,147,456 | ---- | M] (TODO: <Company name>) -- C:\Windows\SysWow64\uc_neosteam_launching.dll
[2010/02/20 16:44:53 | 000,032,768 | ---- | M] () -- C:\Windows\SysNative\nshhttp.dll
[2010/02/20 16:42:16 | 000,033,792 | ---- | M] () -- C:\Windows\SysNative\httpapi.dll
[2010/02/12 12:01:24 | 000,119,584 | ---- | M] () -- C:\Windows\SysNative\dns-sd.exe
[2010/02/12 12:01:24 | 000,095,520 | ---- | M] () -- C:\Windows\SysNative\dnssd.dll
[2010/02/04 11:01:14 | 000,530,776 | ---- | M] () -- C:\Windows\SysNative\XAudio2_6.dll
[2010/02/04 11:01:14 | 000,176,984 | ---- | M] () -- C:\Windows\SysNative\xactengine3_6.dll
[2010/02/04 11:01:14 | 000,078,680 | ---- | M] () -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/02/04 11:01:14 | 000,024,920 | ---- | M] () -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/02/04 08:53:02 | 000,069,152 | ---- | M] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/02/02 12:16:36 | 000,000,021 | ---- | M] () -- C:\Windows\SysWow64\run.bat
[2010/01/30 00:06:42 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
[2010/01/29 11:26:34 | 000,391,117 | ---- | M] () -- C:\Users\Keeou\Documents\Untitled (7).wma
[2010/01/29 11:25:53 | 000,175,597 | ---- | M] () -- C:\Users\Keeou\Documents\Untitled (6).wma
[2010/01/28 17:20:37 | 001,527,087 | ---- | M] () -- C:\Users\Keeou\Documents\Untitled (5).wma
[2010/01/28 17:16:59 | 000,876,037 | ---- | M] () -- C:\Users\Keeou\Documents\Untitled (4).wma
[2010/01/28 17:14:41 | 000,269,887 | ---- | M] () -- C:\Users\Keeou\Documents\Untitled (3).wma
[2010/01/28 17:14:17 | 000,045,387 | ---- | M] () -- C:\Users\Keeou\Documents\Untitled (2).wma
[2010/01/28 17:14:07 | 000,103,757 | ---- | M] () -- C:\Users\Keeou\Documents\Untitled.wma
[2010/01/28 07:33:34 | 000,114,176 | ---- | M] () -- C:\Windows\SysNative\drivers\AtiHdmi.sys
[2010/01/26 14:09:26 | 000,260,872 | ---- | M] () -- C:\Windows\SysNative\PDBoot.exe
[1 C:\Users\Keeou\Desktop\*.tmp files -> C:\Users\Keeou\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/23 10:12:10 | 000,033,280 | ---- | C] () -- C:\Users\Keeou\Desktop\YA.doc
[2010/04/22 18:49:26 | 366,854,720 | ---- | C] () -- C:\Users\Keeou\Desktop\flashforward.s01e17.hdtv.xvid-2hd.avi
[2010/04/20 23:09:36 | 000,012,286 | ---- | C] () -- C:\Users\Keeou\Documents\hard terms.docx
[2010/04/20 01:43:38 | 000,108,430 | ---- | C] () -- C:\Users\Keeou\Desktop\zombieevfull.jpg
[2010/04/19 18:56:57 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/19 18:56:53 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/19 18:43:28 | 2144,854,015 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/18 02:51:27 | 000,011,515 | ---- | C] () -- C:\Users\Keeou\Documents\Term Test.docx
[2010/04/17 13:44:32 | 000,037,822 | ---- | C] () -- C:\Users\Keeou\Desktop\restaurant.bin
[2010/04/17 13:44:32 | 000,016,881 | ---- | C] () -- C:\Users\Keeou\Desktop\front.bin
[2010/04/14 18:28:56 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\eehudgh.dll
[2010/04/10 21:01:38 | 000,000,034 | ---- | C] () -- C:\Windows\NPinfotl.INI
[2010/04/06 17:41:50 | 000,000,752 | ---- | C] () -- C:\Users\Keeou\Desktop\Ventrilo.lnk
[2010/04/06 17:41:48 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/03/31 11:57:36 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/30 10:50:26 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon® 3.lnk
[2010/03/30 10:49:58 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/03/24 11:42:51 | 000,000,162 | -H-- | C] () -- C:\Users\Keeou\Desktop\~$w Microsoft Office Word Document (2).docx
[2010/03/24 03:38:33 | 000,010,645 | ---- | C] () -- C:\Users\Keeou\Documents\Apposition.docx
[2010/03/16 11:29:01 | 000,001,657 | ---- | C] () -- C:\Users\Public\Desktop\Fantasy Earth Zero.lnk
[2010/03/16 02:55:07 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2010/03/16 02:51:29 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2010/03/16 02:51:28 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2010/03/16 02:51:28 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2010/03/16 02:47:52 | 013,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2010/03/16 02:47:52 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2010/03/16 02:47:47 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2010/03/16 02:47:12 | 009,238,016 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/03/16 02:47:11 | 012,462,592 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/03/16 02:47:09 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/03/16 02:47:09 | 001,483,776 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/03/16 02:47:09 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/03/16 02:47:08 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/03/16 02:47:08 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/03/16 02:47:08 | 000,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/03/16 02:47:08 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/03/16 02:47:08 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/03/16 02:47:08 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/03/16 02:47:08 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/03/16 02:47:08 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/03/16 02:47:08 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/03/16 02:47:08 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/03/16 02:47:08 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/03/16 02:47:08 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/03/16 02:47:08 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/03/16 02:47:08 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/03/16 02:47:08 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/03/16 02:47:01 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/03/16 02:46:45 | 001,418,840 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/03/16 02:46:41 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/03/16 02:46:40 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
[2010/03/16 02:46:40 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
[2010/03/16 02:46:40 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
[2010/03/16 02:46:40 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
[2010/03/16 02:46:40 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
[2010/03/16 02:46:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
[2010/03/16 02:46:38 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2010/03/16 02:46:38 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2010/03/16 02:46:37 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2010/03/16 02:45:46 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/03/16 02:45:46 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/03/16 02:45:42 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/03/16 02:45:42 | 001,794,560 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
[2010/03/16 02:45:37 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/03/16 02:45:32 | 000,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2010/03/16 02:45:27 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2010/03/16 02:45:24 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2010/03/16 02:45:23 | 000,273,408 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/03/16 02:45:23 | 000,134,656 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/03/16 02:43:45 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2010/03/16 02:43:44 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2010/03/16 02:43:37 | 000,464,384 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/03/16 02:43:37 | 000,141,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2010/03/16 02:42:53 | 004,691,032 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/03/06 21:44:00 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010/03/02 21:23:10 | 006,402,560 | ---- | C] () -- C:\Windows\SysNative\drivers\atipmdag.sys
[2010/03/02 21:23:10 | 006,402,560 | ---- | C] () -- C:\Windows\SysNative\drivers\atikmdag.sys
[2010/03/02 21:16:42 | 000,033,616 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/03/02 21:16:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.exe
[2010/03/02 21:15:30 | 000,497,152 | ---- | C] () -- C:\Windows\SysNative\aticfx64.dll
[2010/03/02 21:13:04 | 000,446,464 | ---- | C] () -- C:\Windows\SysNative\ATIDEMGX.dll
[2010/03/02 21:12:52 | 000,450,560 | ---- | C] () -- C:\Windows\SysNative\atieclxx.exe
[2010/03/02 21:12:12 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\atiesrxx.exe
[2010/03/02 21:10:34 | 000,120,320 | ---- | C] () -- C:\Windows\SysNative\atitmm64.dll
[2010/03/02 21:10:12 | 000,420,864 | ---- | C] () -- C:\Windows\SysNative\atipdl64.dll
[2010/03/02 21:09:40 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\atimuixx.dll
[2010/03/02 21:09:34 | 000,059,392 | ---- | C] () -- C:\Windows\SysNative\atiedu64.dll
[2010/03/02 21:04:46 | 018,798,080 | ---- | C] () -- C:\Windows\SysNative\atio6axx.dll
[2010/03/02 20:57:00 | 003,800,576 | ---- | C] () -- C:\Windows\SysNative\atidxx64.dll
[2010/03/02 20:32:06 | 002,716,160 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.dll
[2010/03/02 20:29:44 | 000,511,072 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/03/02 20:24:00 | 000,511,072 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/03/02 20:20:22 | 000,043,008 | ---- | C] () -- C:\Windows\SysNative\aticalrt64.dll
[2010/03/02 20:20:10 | 000,039,936 | ---- | C] () -- C:\Windows\SysNative\aticalcl64.dll
[2010/03/02 20:19:56 | 004,781,568 | ---- | C] () -- C:\Windows\SysNative\aticaldd64.dll
[2010/03/02 20:08:50 | 000,053,248 | ---- | C] () -- C:\Windows\SysNative\atimpc64.dll
[2010/03/02 20:08:50 | 000,053,248 | ---- | C] () -- C:\Windows\SysNative\amdpcom64.dll
[2010/03/02 20:08:14 | 000,330,752 | ---- | C] () -- C:\Windows\SysNative\atiadlxx.dll
[2010/03/02 20:07:54 | 000,014,848 | ---- | C] () -- C:\Windows\SysNative\atig6pxx.dll
[2010/03/02 20:07:48 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\atiglpxx.dll
[2010/03/02 20:07:44 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\atig6txx.dll
[2010/03/02 20:07:32 | 000,188,928 | ---- | C] () -- C:\Windows\SysNative\drivers\atikmpag.sys
[2010/03/02 20:06:50 | 000,036,352 | ---- | C] () -- C:\Windows\SysNative\atiuxp64.dll
[2010/03/02 20:05:42 | 000,053,248 | ---- | C] () -- C:\Windows\SysNative\drivers\ati2erec.dll
[2010/03/02 13:57:10 | 000,020,692 | ---- | C] () -- C:\Windows\atiogl.xml
[2010/02/25 16:43:19 | 000,531,073 | ---- | C] () -- C:\Windows\SysWow64\patcher.jar
[2010/02/25 16:43:19 | 000,000,021 | ---- | C] () -- C:\Windows\SysWow64\run.bat
[2010/02/25 12:55:46 | 000,201,875 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2010/02/23 09:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/02/23 09:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2010/02/17 21:05:12 | 000,530,776 | ---- | C] () -- C:\Windows\SysNative\XAudio2_6.dll
[2010/02/17 21:05:12 | 000,078,680 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/02/17 21:05:10 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_6.dll
[2010/02/17 21:05:10 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/02/12 12:01:24 | 000,119,584 | ---- | C] () -- C:\Windows\SysNative\dns-sd.exe
[2010/02/12 12:01:24 | 000,095,520 | ---- | C] () -- C:\Windows\SysNative\dnssd.dll
[2010/01/30 00:12:35 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
[2010/01/30 00:06:42 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\BitComet.lnk
[2010/01/29 11:26:33 | 000,391,117 | ---- | C] () -- C:\Users\Keeou\Documents\Untitled (7).wma
[2010/01/29 11:25:53 | 000,175,597 | ---- | C] () -- C:\Users\Keeou\Documents\Untitled (6).wma
[2010/01/28 17:20:37 | 001,527,087 | ---- | C] () -- C:\Users\Keeou\Documents\Untitled (5).wma
[2010/01/28 17:16:59 | 000,876,037 | ---- | C] () -- C:\Users\Keeou\Documents\Untitled (4).wma
[2010/01/28 17:14:41 | 000,269,887 | ---- | C] () -- C:\Users\Keeou\Documents\Untitled (3).wma
[2010/01/28 17:14:17 | 000,045,387 | ---- | C] () -- C:\Users\Keeou\Documents\Untitled (2).wma
[2010/01/28 17:14:07 | 000,103,757 | ---- | C] () -- C:\Users\Keeou\Documents\Untitled.wma
[2010/01/28 07:33:34 | 000,114,176 | ---- | C] () -- C:\Windows\SysNative\drivers\AtiHdmi.sys
[2010/01/26 14:09:26 | 000,260,872 | ---- | C] () -- C:\Windows\SysNative\PDBoot.exe
[2009/12/10 01:02:27 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\vvprotect.sys
[2009/12/04 19:55:13 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2009/09/30 22:45:20 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\hikpl.dll
[2009/09/27 20:21:59 | 000,016,596 | ---- | C] () -- C:\Windows\MSTMON_Y.INI
[2009/09/27 20:21:59 | 000,012,244 | ---- | C] () -- C:\Windows\MSUMLT_Y.INI
[2009/07/26 21:00:30 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\kbj.dll
[2009/07/26 20:59:54 | 000,066,048 | ---- | C] () -- C:\Windows\QMDispatch.dll
[2009/07/04 11:21:25 | 000,704,314 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/02 01:06:33 | 000,000,322 | ---- | C] () -- C:\Windows\WPE PRO.INI
[2009/07/01 01:01:36 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2009/06/23 16:22:13 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2009/06/23 15:26:32 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/06/23 15:23:54 | 000,155,136 | ---- | C] () -- C:\Windows\unrar.dll
[2009/06/21 16:55:10 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2009/06/21 16:32:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/06/11 23:18:01 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/06/09 21:12:55 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll
[2009/06/09 21:12:55 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\JJAKEn.dll
[2008/11/21 11:49:03 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/11/21 11:48:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/03/30 10:51:31 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Atari
[2010/03/30 13:28:43 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\BitComet
[2009/12/16 21:37:01 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Charles
[2009/06/09 19:20:15 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\FlashGet
[2010/03/30 10:49:59 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Leadertech
[2009/06/10 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\NanoTone
[2009/12/28 18:36:34 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\NeopleLauncherDFO
[2009/07/23 19:29:25 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\netmarble
[2009/06/22 12:06:09 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\PingTesterDataBas
[2009/06/23 16:23:45 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Tencent
[2010/03/06 22:57:33 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\TS3Client
[2010/03/05 02:42:45 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\VBA-M
[2009/11/08 17:18:48 | 000,000,000 | ---D | M] -- C:\Users\Keeou\AppData\Roaming\Vso
[2010/04/23 19:22:28 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/04/23 02:04:12 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{40005009-1EEE-476C-855F-CC7A5A1E1F4B}.job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2010/04/14 18:27:34 | 000,000,000 | ---D | M](C:\Program Files (x86)\????) -- C:\Program Files (x86)\按鍵精靈
[2010/03/16 21:12:24 | 000,001,778 | ---- | M] ()(C:\Users\Keeou\Desktop\????.lnk) -- C:\Users\Keeou\Desktop\千千静听.lnk
[2009/07/26 20:59:36 | 000,000,761 | ---- | M] ()(C:\Users\Keeou\Desktop\????.lnk) -- C:\Users\Keeou\Desktop\按鍵精靈.lnk
[2009/07/26 20:59:36 | 000,000,761 | ---- | C] ()(C:\Users\Keeou\Desktop\????.lnk) -- C:\Users\Keeou\Desktop\按鍵精靈.lnk
[2009/07/19 01:11:09 | 000,000,000 | ---D | M](C:\Users\Keeou\Documents\?? ???) -- C:\Users\Keeou\Documents\喀蝦 楝斜
[2009/07/19 01:11:09 | 000,000,000 | ---D | C](C:\Users\Keeou\Documents\?? ???) -- C:\Users\Keeou\Documents\喀蝦 楝斜
[2009/07/14 15:16:44 | 000,000,000 | ---D | M](C:\Program Files (x86)\?????) -- C:\Program Files (x86)\魅力無雙二
[2009/06/28 16:03:40 | 000,452,608 | ---- | C] (完美炼狱之新形象)(C:\???????????.exe) -- C:\完美炼狱之新形象登录器.exe
[2009/06/28 16:03:40 | 000,001,346 | ---- | C] ()(C:\????.bat) -- C:\升级补丁.bat
[2009/06/28 16:03:40 | 000,000,930 | ---- | C] ()(C:\????????????.bat) -- C:\手动覆盖后运行此注册文件.bat
[2009/06/18 12:54:48 | 000,001,346 | ---- | M] ()(C:\Users\Keeou\????.bat) -- C:\Users\Keeou\升级补丁.bat
[2009/06/18 12:54:48 | 000,001,346 | ---- | M] ()(C:\????.bat) -- C:\升级补丁.bat
[2009/06/18 00:02:08 | 000,452,608 | ---- | M] (完美炼狱之新形象)(C:\Users\Keeou\???????????.exe) -- C:\Users\Keeou\完美炼狱之新形象登录器.exe
[2009/06/18 00:02:08 | 000,452,608 | ---- | M] (完美炼狱之新形象)(C:\???????????.exe) -- C:\完美炼狱之新形象登录器.exe
[2009/06/12 20:45:08 | 000,001,778 | ---- | C] ()(C:\Users\Keeou\Desktop\????.lnk) -- C:\Users\Keeou\Desktop\千千静听.lnk
[2009/06/04 09:04:54 | 000,000,930 | ---- | M] ()(C:\Users\Keeou\????????????.bat) -- C:\Users\Keeou\手动覆盖后运行此注册文件.bat
[2009/06/04 09:04:54 | 000,000,930 | ---- | M] ()(C:\????????????.bat) -- C:\手动覆盖后运行此注册文件.bat
(C:\Program Files (x86)\?????) -- C:\Program Files (x86)\魅力無雙二
(C:\Program Files (x86)\????) -- C:\Program Files (x86)\按鍵精靈
< End of report >

broni · 2010/04/23

I use adaware, just that, I believe that's not even a anti-virus program
Click to expand...

You're right, it's not an AV program.
You need a real one.
I suggest, you download and install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

After installation, update the program and run full scan.

When done....

Please download OTC to your desktop. It'll remove most tools and logs we used so far. If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Double-click OTC.exe to run it. (Vista and 7 users, please right click on OTC and select "Run as an Administrator ")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes. If it doesn't ask you to reboot, restart computer manually.

After the reboot all the tools we used should be gone.

The tool will delete itself once it finishes.

===============================================================

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

========================================================

Disable your antivirus program.
Go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

Spyware, Adware, Dialers, and other potentially dangerous programs
[*] Archives
[*] Mail databases

5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt before clicking on the Save button. Then post it here.

Post fresh HijackThis log as well.

popvictor · 2010/04/26

Oops accidently saved it as .html...
and btw, I think I know how I infected my computer - by the use of IE
Cuz I just got infected by the same virus again...
Just gonna go through the step again I guess.

Monday, April 26, 2010
Operating system: Microsoft Windows Vista Ultimate Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, April 26, 2010 06:30:38
Records in database: 3980300
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
S:\
Scan statistics
Objects scanned 212254
Threats found 2
Infected objects found 1
Suspicious objects found 2
Scan duration 02:34:03

File name Threat Threats count
C:\Program Files (x86)\Gskstudio\Online Video Hunter Professional\Core.dll Infected: not-a-virus:NetTool.Win32.Sniffer.as 1
C:\try2\login\update\俇藝褻郜眳陔倛砓腎翹.exe Suspicious: Packed.Win32.Black.d 1
C:\try2\login\update.rar Suspicious: Packed.Win32.Black.d 1

broni · 2010/04/26

Cuz I just got infected by the same virus again...
Click to expand...

Explain, please. What signs do you have?

popvictor · 2010/04/28

"broni said: ↑

Explain, please. What signs do you have?
Click to expand...

Same stuff again... like fake popups again
I did a MalwareByte Scan and this is the log

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4040

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

4/26/2010 1:41:47 PM
mbam-log-2010-04-26 (13-41-47).txt

Scan type: Quick scan
Objects scanned: 111437
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

After that the comp seems to be fine again.

broni · 2010/04/28

Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

broni · 2010/04/28

Did you install Avast, or Avira already?

popvictor · 2010/04/29

GMER - Says nothing is detected

"broni said: ↑

Did you install Avast, or Avira already?
Click to expand...

Yes I installed Avira and it tells me that I'm clean.

broni · 2010/04/29

I guess, we may declare your computer clean, then

1. Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore ".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C: ")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure, Windows Updates are current.

[SIZE= "4"]5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately![/SIZE]

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run defrag at your convenience.

8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

9. Please, let me know, how is your computer doing.

popvictor · 2010/05/01

Alrighty, thanks
Really appreciate your help
I'll let you know if it gets infected again lol (hopefully not)

Log in or Sign up

Solved Fake antivirus popus

popvictor Inactive Thread Starter

broni Moderator Malware Analyst

popvictor Inactive Thread Starter

broni Moderator Malware Analyst

popvictor Inactive Thread Starter

popvictor Inactive Thread Starter

popvictor Inactive Thread Starter

broni Moderator Malware Analyst

popvictor Inactive Thread Starter

popvictor Inactive Thread Starter

popvictor Inactive Thread Starter

broni Moderator Malware Analyst

popvictor Inactive Thread Starter

broni Moderator Malware Analyst

popvictor Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

popvictor Inactive Thread Starter

broni Moderator Malware Analyst

popvictor Inactive Thread Starter

Share This Page

Log in or Sign up

Solved Fake antivirus popus

popvictor Inactive Thread Starter

broni Moderator Malware Analyst

popvictor Inactive Thread Starter

broni Moderator Malware Analyst

popvictor Inactive Thread Starter

popvictor Inactive Thread Starter

popvictor Inactive Thread Starter

broni Moderator Malware Analyst

popvictor Inactive Thread Starter

popvictor Inactive Thread Starter

popvictor Inactive Thread Starter

broni Moderator Malware Analyst

popvictor Inactive Thread Starter

broni Moderator Malware Analyst

popvictor Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

popvictor Inactive Thread Starter

broni Moderator Malware Analyst

popvictor Inactive Thread Starter

Share This Page

Useful Searches