Malware sirefef.y and similar found in MSE on Vista HP x86

Solved
By Johnny270268
Jul 13, 2012
  1. Johnny270268

    Johnny270268 Newcomer, in training Topic Starter Posts: 81

    OK, feel rested now :p Sorry I had to do that to you Broni but I'm back now,

    Initial MSE Quick scan (no issues detected)
    MSE Full Scan 5 Potential Threats

    Rogue: Win32/Winwebsec
    Virus: Win32/Sirefef.R
    Trojan: Win32/Sirefef.AH
    Trojan: Win32/Sirefef.AB
    PWS: Win32/Zbot.gen!Y

    I'll remove these, reboot (if it asks) and install MBAM and continue on if there are no issues.

    Will post results ASAP
  2. Johnny270268


    Posting MBAM log. Removed and rebooted as requested by the program.

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.16.03
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Greg :: GREG-PC [administrator]
    16/07/2012 5:03:50 PM
    mbam-log-2012-07-16 (17-03-50).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 223985
    Time elapsed: 9 minute(s), 53 second(s)
    Memory Processes Detected: 1
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kbrmon.exe (PUP.MyWebSearch) -> 4040 -> Delete on reboot.
    Memory Modules Detected: 1
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
    Registry Keys Detected: 21
    HKLM\SYSTEM\CurrentControlSet\Services\CrazyForCricket_3kService (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Typelib\{2A743834-05F4-4ED4-8A1C-41332B10AC0C} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKCR\Interface\{1081D532-7DE4-40BD-B912-388FA6B27C78} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKCR\Typelib\{883DFC00-8A21-411D-956C-73A4E4B7D16F} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKCR\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Explorer\Bars\{B72681C0-A222-4b21-A0E2-53A5A5CA3D411} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Explorer\Bars\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649} (Adware.Zwangi) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BDD39FFE-DDB5-4566-BF35-373698DDEE55} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKCU\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Detected: 11
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CrazyForCricket_3k Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\CRAZYF~2\bar\1.bin\3kbrmon.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CrazyForCricket Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\CRAZYF~2\bar\1.bin\3ksrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B} (Adware.DoubleD) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{E63605FC-D583-4C81-867F-9457BDB3EA1B} (Adware.DoubleD) -> Data: C:\Program Files\Web Search Operator\4.2.0.2150\FF -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{8141440E-08F0-4339-9959-5C31C6A69F23} (Adware.DoubleD) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{8141440E-08F0-4339-9959-5C31C6A69F23} (Adware.DoubleD) -> Data: C:\Program Files\Automated Content Enhancer\4.2.0.5360\FF -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506} (Adware.DoubleD) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{E889F097-B0BE-471B-89AD-B86B6F04B506} (Adware.DoubleD) -> Data: C:\Program Files\Customized Platform Advancer\4.2.0.2050\FF -> Quarantined and deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5577 -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Quarantined and deleted successfully.
    Registry Data Items Detected: 2
    HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and repaired successfully.
    Folders Detected: 4
    C:\Users\Greg\Local Settings\Application Data\RavenBleuSA (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Users\Greg\Local Settings\Application Data\RavenBleuSA\bin (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Users\Greg\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0 (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Users\Greg\Local Settings\Application Data\RavenBleuSA\data (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    Files Detected: 10
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kbarsvc.exe (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kbrmon.exe (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kSrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\ProgramData\{8ED303BF-E542-46DC-8C8C-CC5D61E6EF91}\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Users\Greg\Favorites\MyKeySearch.url (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Users\Greg\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0\copyright.txt (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Users\Greg\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Users\Greg\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSAau.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Users\Greg\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA_kyf_update.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    (end)
  3. Johnny270268


    Now preparing for OTL. Will post results ASAP :)
  4. Johnny270268


    OK

    OTL Log (Part 1) first,


    OTL logfile created on: 16/07/2012 5:54:48 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Greg\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.00 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 57.97% Memory free
    6.22 Gb Paging File | 4.66 Gb Available in Paging File | 74.86% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 450.70 Gb Total Space | 189.40 Gb Free Space | 42.02% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 6.25 Gb Free Space | 41.68% Space Free | Partition Type: NTFS
    Drive K: | 3.73 Gb Total Space | 3.53 Gb Free Space | 94.59% Space Free | Partition Type: FAT32

    Computer Name: GREG-PC | User Name: Greg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/16 17:50:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
    PRC - [2012/07/06 11:53:20 | 000,217,536 | ---- | M] (Facebook) -- C:\Users\Greg\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe
    PRC - [2012/06/19 15:10:59 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2011/08/02 15:06:36 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
    PRC - [2011/08/01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
    PRC - [2010/08/02 20:14:17 | 000,028,766 | ---- | M] (IObit) -- C:\Program Files\IObitBar\toolbar\1.bin\i0barsvc.exe
    PRC - [2010/08/02 20:14:17 | 000,020,480 | ---- | M] (IObit) -- C:\Program Files\IObitBar\toolbar\1.bin\i0brmon.exe
    PRC - [2010/02/19 19:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    PRC - [2009/07/24 15:05:24 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
    PRC - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/10/03 18:36:38 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    PRC - [2008/07/18 22:42:10 | 006,246,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/07/18 22:42:08 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
    PRC - [2008/07/15 13:12:48 | 001,226,024 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
    PRC - [2008/05/23 16:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2008/05/02 16:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/03/17 18:29:52 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V105\dldnmsdmon.exe
    PRC - [2008/03/17 18:29:48 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V105\dldnmon.exe
    PRC - [2008/03/04 19:42:40 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldncoms.exe
    PRC - [2008/01/21 12:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
    PRC - [2006/03/08 10:56:00 | 000,278,528 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
    PRC - [2002/01/01 22:19:00 | 001,066,496 | ---- | M] (OtakuSoftware) -- C:\Users\Greg\Deskspace\deskspace.exe


    ========== Modules (No Company Name) ==========

    MOD - [2008/10/03 18:42:09 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3005.17481__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
    MOD - [2008/10/03 18:42:09 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3021.38723__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
    MOD - [2008/10/03 18:42:09 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3021.38426__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2008/10/03 18:42:08 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3021.38442__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2008/10/03 18:42:08 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3021.38426__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2008/10/03 18:42:08 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3021.38426__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2008/10/03 18:42:08 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3021.38424__90ba9c70f846762e\APM.Server.dll
    MOD - [2008/10/03 18:42:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3021.38425__90ba9c70f846762e\AEM.Server.dll
    MOD - [2008/10/03 18:42:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3005.17499__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2008/10/03 18:42:08 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3021.38686__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2008/10/03 18:42:08 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2008/10/03 18:42:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3005.17508__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2008/10/03 18:42:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3005.17542__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2008/05/21 16:11:06 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
    MOD - [2008/03/17 18:29:52 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V105\dldnmsdmon.exe
    MOD - [2008/03/17 18:29:48 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V105\dldnmon.exe
    MOD - [2008/03/14 15:59:28 | 000,782,336 | ---- | M] () -- C:\Program Files\Dell V105\dldndrs.dll
    MOD - [2008/03/14 15:58:48 | 000,380,928 | ---- | M] () -- C:\Program Files\Dell V105\dldnscw.dll
    MOD - [2008/02/19 10:05:38 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell V105\app4r.monitor.core.dll
    MOD - [2008/02/19 10:05:38 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell V105\app4r.monitor.common.dll
    MOD - [2008/02/19 10:04:38 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell V105\app4r.devmons.mcmdevmon.dll
    MOD - [2008/02/12 14:50:40 | 000,688,128 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
    MOD - [2008/01/23 09:08:22 | 000,081,920 | ---- | M] () -- C:\Program Files\Dell V105\dldncaps.dll
    MOD - [2008/01/23 08:59:20 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V105\dldnmonr.dll
    MOD - [2008/01/21 23:05:56 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell V105\dldncfg.dll
    MOD - [2007/11/22 05:55:48 | 000,011,776 | ---- | M] () -- C:\Program Files\Dell V105\app4r.devmons.mcmdevmon.autoplayutil.dll
    MOD - [2007/10/02 11:51:10 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell V105\dldncnv4.dll
    MOD - [2007/05/29 04:39:08 | 000,589,824 | ---- | M] () -- C:\Program Files\Dell V105\dldndatr.dll
    MOD - [2002/01/01 22:18:58 | 000,049,152 | ---- | M] () -- C:\Users\Greg\Deskspace\deskspace151.dll
  5. Johnny270268

    Johnny270268 Newcomer, in training Topic Starter Posts: 81

    OTL Log File (Part 2):


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2012/07/16 05:02:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/19 15:10:59 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/05/16 01:50:00 | 004,135,800 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
    SRV - [2010/08/02 20:14:17 | 000,028,766 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObitBar\toolbar\1.bin\i0barsvc.exe -- (IObitBarService)
    SRV - [2010/02/19 19:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2008/10/03 18:36:38 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2008/07/18 22:42:08 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
    SRV - [2008/05/02 16:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/04/01 15:55:42 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldnserv.exe -- (dldnCATSCustConnectService)
    SRV - [2008/03/04 19:42:40 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldncoms.exe -- (dldn_device)
    SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/21 12:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2008/01/21 12:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva394.sys -- (XDva394)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva390.sys -- (XDva390)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva388.sys -- (XDva388)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva386.sys -- (XDva386)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva384.sys -- (XDva384)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva383.sys -- (XDva383)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva382.sys -- (XDva382)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva379.sys -- (XDva379)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva377.sys -- (XDva377)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva375.sys -- (XDva375)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva374.sys -- (XDva374)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva372.sys -- (XDva372)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva370.sys -- (XDva370)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva368.sys -- (XDva368)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva367.sys -- (XDva367)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva366.sys -- (XDva366)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva362.sys -- (XDva362)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva361.sys -- (XDva361)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva359.sys -- (XDva359)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva358.sys -- (XDva358)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva352.sys -- (XDva352)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva349.sys -- (XDva349)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva348.sys -- (XDva348)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva347.sys -- (XDva347)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva346.sys -- (XDva346)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva345.sys -- (XDva345)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva344.sys -- (XDva344)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva342.sys -- (XDva342)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva341.sys -- (XDva341)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva337.sys -- (XDva337)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva336.sys -- (XDva336)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Greg\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/07/16 17:36:33 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{62D9B805-39BF-439B-8A95-F7261A964B5A}\MpKsl345317f0.sys -- (MpKsl345317f0)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/07/01 17:12:26 | 000,012,096 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mv2.sys -- (mv2)
    DRV - [2009/08/25 15:46:36 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/07/24 15:05:24 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
    DRV - [2009/04/11 14:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
    DRV - [2008/07/21 21:18:20 | 000,027,648 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
    DRV - [2008/07/10 21:28:50 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/07/02 16:43:50 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2008/07/02 16:43:46 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2008/05/21 16:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2008/05/21 16:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/01/21 12:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {64d23501-5195-4224-9446-e2b0fb64e859} - C:\Program Files\HiGames\tbHiG1.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {6d8d66f3-14fc-4736-a096-fac0ea66289c} - C:\Program Files\midicase\prxtbmidi.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found
    IE - HKLM\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DAAU
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2795637


    IE - HKU\.DEFAULT\..\URLSearchHook: {7757CBCC-0975-4b79-A519-90B142CA3A23} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53153

    IE - HKU\S-1-5-18\..\URLSearchHook: {7757CBCC-0975-4b79-A519-90B142CA3A23} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53153



    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/index.php?lh=c0eff49bfa52c6577d051ffa05300cc9&eu=XVUHAKl-eM-CZ8lbII58wQ
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\URLSearchHook: {6d8d66f3-14fc-4736-a096-fac0ea66289c} - C:\Program Files\midicase\prxtbmidi.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\URLSearchHook: {970a72ad-2603-4b4e-bb28-aff6ab80cccd} - No CLSID value found
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\SearchScopes,DefaultScope = {AB6949AA-9BE6-42BE-A363-96816267F568}
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=gFZv3yHKFEghNH7s70KtIlaQCN0?q={searchTerms}
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\SearchScopes\{AB6949AA-9BE6-42BE-A363-96816267F568}: "URL" = http://findgala.com/?&uid=5606&q={searchTerms}
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2795637
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\SearchScopes\Live Search: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@CrazyForCricket_3k.com/Plugin: C:\Program Files\CrazyForCricket_3k\bar\1.bin\NP3kStub.dll (MindSpark)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@ei.CrazyForCricket_3k.com/Plugin: C:\Program Files\CrazyForCricket_3kEI\Installr\2.bin\NP3kEISB.dll (CrazyForCricket)
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@IObitBar.com/Plugin: C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll (IObit Pty Ltd)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\Greg\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Greg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Greg\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
    FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Greg\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlugin.dll (Facebook, Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/12 18:43:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\i0ffxtbr@IObitBar.com: C:\Program Files\IObitBar\toolbar\1.bin [2012/07/16 06:38:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\3kffxtbr@CrazyForCricket_3k.com: C:\Program Files\CrazyForCricket_3k\bar\1.bin [2012/07/16 17:31:46 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/12 18:43:36 | 000,000,000 | ---D | M]

    [2010/11/20 14:52:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions
    [2010/05/10 20:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\extensions
    [2010/05/10 20:06:08 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
    CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
    CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    CHR - plugin: CrazyForCricket Installer Plugin Stub (Enabled) = C:\Program Files\CrazyForCricket_3kEI\Installr\2.bin\NP3kEISB.dll
    CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\CrazyForCricket_3k\bar\1.bin\NP3kStub.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: IObit Toolbar Plugin Stub (Enabled) = C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: Power Challenge Loader (Enabled) = C:\Users\Greg\AppData\LocalLow\POWERC~1\nppowerloader.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Greg\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlugin.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Greg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Greg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Greg\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: Skype Click to Call = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\

    O1 HOSTS File: ([2012/07/16 06:43:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
    O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
    O2 - BHO: (HiGames Toolbar) - {64d23501-5195-4224-9446-e2b0fb64e859} - C:\Program Files\HiGames\tbHiG1.dll (Conduit Ltd.)
    O2 - BHO: (midicase Toolbar) - {6d8d66f3-14fc-4736-a096-fac0ea66289c} - C:\Program Files\midicase\prxtbmidi.dll (Conduit Ltd.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll (Conduit Ltd.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (HiGames Toolbar) - {64d23501-5195-4224-9446-e2b0fb64e859} - C:\Program Files\HiGames\tbHiG1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (midicase Toolbar) - {6d8d66f3-14fc-4736-a096-fac0ea66289c} - C:\Program Files\midicase\prxtbmidi.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (HiGames Toolbar) - {64D23501-5195-4224-9446-E2B0FB64E859} - C:\Program Files\HiGames\tbHiG1.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (HiGames Toolbar) - {64D23501-5195-4224-9446-E2B0FB64E859} - C:\Program Files\HiGames\tbHiG1.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\Toolbar\WebBrowser: (HiGames Toolbar) - {64D23501-5195-4224-9446-E2B0FB64E859} - C:\Program Files\HiGames\tbHiG1.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\Toolbar\WebBrowser: (midicase Toolbar) - {6D8D66F3-14FC-4736-A096-FAC0EA66289C} - C:\Program Files\midicase\prxtbmidi.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\Toolbar\WebBrowser: (Elf 1.15 Toolbar) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - C:\Program Files\Elf_1.15\tbElf_.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [dldnamon] C:\Program Files\Dell V105\dldnamon.exe ()
    O4 - HKLM..\Run: [dldnmon.exe] C:\Program Files\Dell V105\dldnmon.exe ()
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [IObitBar Browser Plugin Loader] C:\Program Files\IObitBar\toolbar\1.bin\i0brmon.exe (IObit)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000..\Run: [DeskSpace] C:\Users\Greg\Deskspace\deskspace.exe (OtakuSoftware)
    O4 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000..\Run: [Facebook Update] C:\Users\Greg\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000..\Run: [MtdAcqu] C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk = File not found
    O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Greg\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe (Facebook)
    O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.211.33 61.9.211.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1F54933-DCC8-470B-B71B-D61CF1D46C06}: DhcpNameServer = 61.9.211.33 61.9.211.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Greg\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Greg\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
  6. Johnny270268

    Johnny270268 Newcomer, in training Topic Starter Posts: 81

    OTL Log File (Part 3 - Final Part)


    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/16 17:52:53 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
    [2012/07/16 17:02:19 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Malwarebytes
    [2012/07/16 17:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/16 17:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/16 17:01:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/07/16 17:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/07/16 17:00:35 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Greg\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/16 08:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/16 08:15:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/16 08:14:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/16 06:39:22 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\temp
    [2012/07/16 06:29:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/16 06:28:34 | 004,579,346 | R--- | C] (Swearware) -- C:\Users\Greg\Desktop\ComboFix.exe
    [2012/07/16 05:41:12 | 000,306,849 | ---- | C] (Farbar) -- C:\Users\Greg\Desktop\ListParts.exe
    [2012/07/16 03:58:12 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Greg\Desktop\aswMBR.exe
    [2012/07/16 03:48:05 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\RK_Quarantine
    [2012/07/16 03:03:20 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{90C51A00-D339-4613-A463-20E0DFA1594B}
    [2012/07/16 00:30:58 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3C732B40-3502-416A-BC08-B9FD33415644}
    [2012/07/16 00:14:21 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{4524E9F2-1E68-4D69-AEA4-4541D885BD81}
    [2012/07/15 23:53:13 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{468EAEAD-F89F-454F-9640-4407B786CA4B}
    [2012/07/15 23:29:01 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3AD1C443-43EA-4373-9F45-958E77022B82}
    [2012/07/15 23:20:30 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{0E2D3F97-C724-44CC-BC29-54A4252C81A0}
    [2012/07/15 21:40:33 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{74E8FE45-8A86-4617-B0CE-492BD2C285E5}
    [2012/07/15 17:23:21 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/15 15:51:07 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{585644F1-9465-41F7-8502-4C1B1DB93B05}
    [2012/07/15 03:08:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/15 03:08:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/15 03:08:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/15 03:07:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/15 02:35:00 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{898558BD-D0F9-4B39-AF5A-7DC1A8831BB9}
    [2012/07/14 01:35:39 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\New Folder
    [2012/07/11 17:05:26 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{8464AB12-BE73-47E6-AE8E-E1823AB21092}
    [2012/07/11 17:05:01 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{BF17450D-CF1C-49A3-BB5B-5B1DC3F61465}
    [2012/07/11 16:30:01 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{8302B3D4-0DF8-4B07-9182-144CBD49738F}
    [2012/07/11 16:23:44 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{831F8109-DA93-4428-8AFF-060229D2DBEC}
    [2012/07/10 21:31:33 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2012/07/10 16:10:07 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
    [2012/07/10 11:19:58 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{B6278796-2DB1-4D04-83A0-606CCF02FCB8}
    [2012/07/10 11:19:27 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{632AC920-C0C1-47F3-A780-B1EC76F9D52D}
    [2012/07/09 15:30:41 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{D4845FF1-1246-4AE4-AC65-56FD9A0DA6FD}
    [2012/07/09 15:30:23 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{ADA31F9D-6FEE-4766-97C4-39D90246FAAA}
    [2012/07/08 17:59:38 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\etax2012
    [2012/07/08 17:59:21 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 2012
    [2012/07/08 11:30:46 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{28CFBC33-D0D2-41D9-8BFC-A1324A477D5F}
    [2012/07/08 11:30:28 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{5F537EDD-C0EF-4630-B5BB-E36CF22FBD55}
    [2012/07/07 16:08:52 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Ovwua
    [2012/07/07 13:12:23 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{DBA37C53-717B-4C50-BD1A-C9E3A3404DF3}
    [2012/07/07 13:12:12 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{C709F85E-BFED-442A-AF7B-54C35A2A811F}
    [2012/07/07 11:36:17 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{96618300-8991-4D5A-9A91-51870C0E436D}
    [2012/07/06 12:35:35 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{11942910-E1FB-4329-AEB1-82AEB084030D}
    [2012/07/06 12:35:24 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{78D6118C-3003-4381-9462-CAAF16B98D73}
    [2012/07/05 11:26:03 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{5697826E-548B-4DA6-8428-1821C4E3309B}
    [2012/07/05 11:25:46 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{9258E6DE-4EB3-423A-B92F-037F09DF8591}
    [2012/07/04 18:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
    [2012/07/04 12:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
    [2012/07/04 12:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
    [2012/07/04 12:06:00 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{87AB1156-9900-45CC-9CE5-E88C511BEF37}
    [2012/07/04 12:05:48 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{5BADFB4D-2FC5-4856-89AD-2CF3EF997E5C}
    [2012/07/03 17:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\etax2012
    [2012/07/03 17:14:56 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Publish Providers
    [2012/07/03 17:11:34 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\Sony
    [2012/07/03 17:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
    [2012/07/03 17:10:53 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Sony
    [2012/07/03 11:14:49 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{04ED5E19-59B5-424F-A5ED-479899B1813D}
    [2012/07/03 11:14:38 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{043A3B3A-416A-41CC-8026-30A85533885A}
    [2012/07/02 20:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2012/07/02 20:35:55 | 000,000,000 | ---D | C] -- C:\Users\Greg\Documents\FFOutput
    [2012/07/02 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime
    [2012/07/02 13:14:10 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{4163227F-B910-463F-B444-816910B6279A}
    [2012/07/02 13:13:58 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{CADAD44E-8837-4E65-9547-185542B53C4D}
    [2012/07/01 10:51:34 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{16DF2505-BE6C-47AF-94E6-4F1D96FCE8BE}
    [2012/07/01 10:51:20 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{6DB51A5F-23B2-41CC-A51A-63869643CEFF}
    [2012/06/30 11:59:06 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{34938F1F-DC7A-402F-91B4-849B2FB1D475}
    [2012/06/30 11:58:55 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{FEA17149-9A13-48EB-8B9D-79F4C9207005}
    [2012/06/29 06:51:16 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{8566F164-3A45-4FF9-A9C2-74FA325AF3AD}
    [2012/06/29 06:50:55 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{1FB021B7-10D6-40C2-ABC3-3F7BF49AAB84}
    [2012/06/28 08:48:37 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{708FBC0B-A5AC-4CA3-9AD6-06B63B587C34}
    [2012/06/28 08:48:13 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{6702903B-4865-4134-884F-DFB2728D2143}
    [2012/06/27 10:34:05 | 000,000,000 | ---D | C] -- C:\Users\Greg\Documents\FIFAOnline2
    [2012/06/27 10:28:18 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{833BA153-D84C-45A9-9FF4-3C69E859C5C9}
    [2012/06/27 10:28:06 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{F869B887-DDAB-4762-ADDB-44BB25F3882D}
    [2012/06/27 10:12:38 | 000,000,000 | ---D | C] -- C:\Log
    [2012/06/26 10:56:54 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{1070108F-9562-42E0-B4C0-59ADF563F9B8}
    [2012/06/26 10:56:32 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{99303EB3-9B79-4E69-BFC0-B68D1630EB6A}
    [2012/06/25 10:59:04 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{6F535F22-76C1-4736-B2C6-07CB75D2A987}
    [2012/06/25 10:58:53 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{18E2FAA1-D7EE-4CBA-9966-D1C73BA54DBB}
    [2012/06/24 16:39:37 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{2DAE3433-2782-40C5-A9C1-B22B1FE18391}
    [2012/06/24 16:39:20 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{BC067D07-629B-494E-A6E2-FF39EC7EA0B8}
    [2012/06/23 22:18:17 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{7342D475-148A-48BF-9FD3-8B955BB31CDF}
    [2012/06/23 22:18:00 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{6F758E9D-0B3D-4A33-BCF8-949FE5A87ADA}
    [2012/06/23 09:33:59 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{FF314639-C1E3-4CF7-99AD-35366AFF82E6}
    [2012/06/23 09:33:46 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{7FC9EAE8-E72C-400D-A6B5-E2E550030DFE}
    [2012/06/22 19:01:29 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{D977E316-D79F-4B62-9F91-4EFD5C4E12D6}
    [2012/06/22 19:01:16 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{7DA04853-8262-45D8-B5A1-5708A86B4550}
    [2012/06/22 07:00:41 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{5ACA589F-F7B0-471A-8C8E-7EE46FCE3C0A}
    [2012/06/22 07:00:25 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{F083F740-0CC5-41CF-81BE-D03467E20FB7}
    [2012/06/21 11:17:09 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{C5A69BC6-8752-41B9-87DC-9A17F774D3E8}
    [2012/06/21 11:16:43 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{DAB6128F-E4CF-4DB3-8D9A-5488D4DCE054}
    [2012/06/20 12:08:54 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{4DFEF3BA-0754-4831-AE09-98CAFCA17111}
    [2012/06/20 12:08:14 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{A1DDCA06-9FF8-454C-BC07-99D68A3A25C2}
    [2012/06/19 12:47:54 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{667F78C9-AB3B-47FF-A546-BE1F84FCE73B}
    [2012/06/19 12:47:25 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{09703CC4-D600-45BB-BFE4-FC8FFD2AE26F}
    [2012/06/18 15:40:50 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{4F65FDFF-B366-4D14-927F-6C5D4FC19A72}
    [2012/06/17 12:17:37 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{4F701712-D1CB-4B24-8238-F757AEF0DEE6}

    ========== Files - Modified Within 30 Days ==========

    [2012/07/16 17:55:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2530732781-1678084383-3266196856-1000UA.job
    [2012/07/16 17:50:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
    [2012/07/16 17:32:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/16 17:32:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/16 17:32:06 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
    [2012/07/16 17:32:05 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/07/16 17:32:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/16 17:31:55 | 3218,280,448 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/16 17:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/16 17:01:58 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/16 16:14:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2530732781-1678084383-3266196856-1000UA.job
    [2012/07/16 09:01:52 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Greg\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/16 08:50:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/16 08:49:47 | 000,646,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/07/16 08:49:47 | 000,125,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/07/16 08:39:32 | 000,007,620 | ---- | M] () -- C:\Users\Greg\AppData\Local\d3d9caps.dat
    [2012/07/16 06:43:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/07/16 06:27:16 | 004,579,346 | R--- | M] (Swearware) -- C:\Users\Greg\Desktop\ComboFix.exe
    [2012/07/16 05:38:24 | 000,306,849 | ---- | M] (Farbar) -- C:\Users\Greg\Desktop\ListParts.exe
    [2012/07/16 05:18:26 | 000,000,512 | ---- | M] () -- C:\Users\Greg\Desktop\MBR.dat
    [2012/07/16 05:03:56 | 000,002,001 | ---- | M] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/07/16 04:55:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2530732781-1678084383-3266196856-1000Core.job
    [2012/07/16 04:14:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2530732781-1678084383-3266196856-1000Core.job
    [2012/07/16 03:09:28 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Greg\Desktop\aswMBR.exe
    [2012/07/16 03:08:20 | 001,558,528 | ---- | M] () -- C:\Users\Greg\Desktop\RogueKiller.exe
    [2012/07/13 16:30:01 | 223,825,280 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/07/10 18:36:42 | 000,002,265 | ---- | M] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2012/07/10 16:10:07 | 000,001,106 | ---- | M] () -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
    [2012/07/10 11:16:02 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/07/08 19:28:55 | 000,152,576 | ---- | M] () -- C:\Users\Greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/07/04 13:52:45 | 604,539,819 | ---- | M] () -- C:\Users\Greg\Documents\Euro 2012 All Goals Part One.mp4
    [2012/07/04 01:17:18 | 899,433,751 | ---- | M] () -- C:\Users\Greg\Documents\UEFA Euro 2012 All Goals Part One.mp4
    [2012/07/03 22:19:11 | 060,679,139 | ---- | M] () -- C:\Users\Greg\Documents\Euro 2012 All Goals.mp4
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/06/30 13:40:41 | 000,001,192 | ---- | M] () -- C:\Windows\System32\ff2statslog.ini
    [2012/06/30 13:40:41 | 000,001,169 | ---- | M] () -- C:\Windows\FOE2.ini

    ========== Files Created - No Company Name ==========

    [2012/07/16 17:01:58 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/16 08:49:54 | 000,001,788 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/16 05:18:26 | 000,000,512 | ---- | C] () -- C:\Users\Greg\Desktop\MBR.dat
    [2012/07/16 03:47:30 | 001,558,528 | ---- | C] () -- C:\Users\Greg\Desktop\RogueKiller.exe
    [2012/07/15 03:08:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/15 03:08:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/15 03:08:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/15 03:08:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/15 03:08:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/13 16:30:01 | 223,825,280 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/07/04 12:27:14 | 604,539,819 | ---- | C] () -- C:\Users\Greg\Documents\Euro 2012 All Goals Part One.mp4
    [2012/07/03 22:23:07 | 899,433,751 | ---- | C] () -- C:\Users\Greg\Documents\UEFA Euro 2012 All Goals Part One.mp4
    [2012/07/03 22:14:48 | 060,679,139 | ---- | C] () -- C:\Users\Greg\Documents\Euro 2012 All Goals.mp4
    [2012/06/30 19:04:47 | 000,001,106 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
    [2012/06/30 13:40:41 | 000,001,192 | ---- | C] () -- C:\Windows\System32\ff2statslog.ini
    [2012/06/27 10:34:54 | 000,001,169 | ---- | C] () -- C:\Windows\FOE2.ini
    [2012/06/18 15:42:07 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2012/05/03 12:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
    [2012/03/17 12:57:51 | 107,561,711 | ---- | C] () -- C:\Users\Greg\Angry Rage From a Cauliflower - MW3 Trolling.mp4
    [2011/11/16 22:39:42 | 000,156,825 | ---- | C] () -- C:\Windows\hpoins27.dat.temp
    [2011/11/16 22:39:42 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat.temp
    [2011/11/16 22:22:04 | 000,157,413 | ---- | C] () -- C:\Windows\hpoins27.dat
    [2010/12/19 17:10:36 | 000,002,801 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\ac.exe.config
    [2010/12/13 16:29:30 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
    [2010/11/23 15:11:52 | 000,000,092 | ---- | C] () -- C:\Users\Greg\AppData\Local\fusioncache.dat
    [2010/11/20 15:08:16 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2010/11/20 15:08:13 | 000,139,152 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\PnkBstrK.sys
    [2010/11/20 15:07:56 | 000,214,592 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2010/11/20 15:07:53 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2010/11/20 15:07:51 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
    [2010/10/21 15:33:59 | 000,003,060 | ---- | C] () -- C:\Users\Greg\NSTS_reg605.prefs
    [2010/09/22 19:27:18 | 000,022,016 | ---- | C] () -- C:\Windows\System32\Uninstow.exe
    [2010/09/16 15:38:22 | 000,000,000 | ---- | C] () -- C:\Users\Greg\jagex__preferences3.dat
    [2010/09/16 15:38:04 | 000,000,099 | ---- | C] () -- C:\Users\Greg\jagex_runescape_preferences2.dat
    [2010/09/16 15:35:27 | 000,000,046 | ---- | C] () -- C:\Users\Greg\jagex_runescape_preferences.dat
    [2010/03/25 13:34:25 | 000,000,552 | ---- | C] () -- C:\Users\Greg\AppData\Local\d3d8caps.dat
    [2009/12/27 20:03:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/11/01 18:50:04 | 000,007,620 | ---- | C] () -- C:\Users\Greg\AppData\Local\d3d9caps.dat
    [2008/10/17 17:45:40 | 000,152,576 | ---- | C] () -- C:\Users\Greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/05/25 05:59:44 | 000,002,189 | ---- | C] () -- C:\Program Files\silent.nsi

    ========== LOP Check ==========

    [2012/06/09 13:27:57 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\.minecraft
    [2012/07/04 18:47:51 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Audacity
    [2012/01/09 14:47:53 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2009/12/05 19:20:51 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/08/15 15:24:07 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Electronic Arts
    [2012/01/07 16:48:19 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Football Superstars
    [2010/08/04 15:56:13 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\FreeFileViewer
    [2011/08/23 15:14:47 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\go
    [2010/07/17 08:33:13 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\KeePass
    [2010/07/01 17:07:52 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\LimeWire
    [2012/02/15 21:46:45 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Mumble
    [2009/06/17 15:03:49 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\OtakuSoftware
    [2012/07/07 16:20:38 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Ovwua
    [2010/12/10 18:44:58 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\PCDr
    [2009/10/15 15:31:01 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\PlayFirst
    [2012/04/25 11:34:45 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Pokemon Online
    [2012/07/03 17:14:56 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Publish Providers
    [2012/07/04 12:18:05 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Sony
    [2010/02/07 18:25:49 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\SPORE Creature Creator
    [2010/10/20 18:44:01 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Tourney Master 3 ES1 Professional
    [2011/01/14 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Tourney Master 3 ES1 Ultimate
    [2010/07/23 20:49:31 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\TS3Client
    [2012/01/06 20:12:09 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Unity
    [2012/07/06 23:27:07 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\uTorrent
    [2010/10/16 08:34:27 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\WhiteSmoke
    [2012/05/24 16:35:15 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Windows Live Writer
    [2012/07/16 04:14:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2530732781-1678084383-3266196856-1000Core.job
    [2012/07/16 16:14:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2530732781-1678084383-3266196856-1000UA.job
    [2012/07/10 11:16:02 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2012/07/16 17:32:06 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
    [2012/07/16 17:31:00 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/07/16 17:32:05 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\Greg\Documents\Midget 2.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Greg\Documents\Midget 1.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Greg\Documents\Jessica Alba.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Greg\Documents\charlie.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Greg\Documents\Charlie and Mia.avi:TOC.WMV
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:40416C60
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6E009657
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:F65D490F
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    < End of report >
  7. Johnny270268

    Johnny270268 Newcomer, in training Topic Starter Posts: 81

    Extras Log File,


    OTL Extras logfile created on: 16/07/2012 5:54:48 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Greg\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.00 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 57.97% Memory free
    6.22 Gb Paging File | 4.66 Gb Available in Paging File | 74.86% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 450.70 Gb Total Space | 189.40 Gb Free Space | 42.02% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 6.25 Gb Free Space | 41.68% Space Free | Partition Type: NTFS
    Drive K: | 3.73 Gb Total Space | 3.53 Gb Free Space | 94.59% Space Free | Partition Type: FAT32

    Computer Name: GREG-PC | User Name: Greg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2530732781-1678084383-3266196856-1000\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{A78920C0-57A2-4A08-A0EB-388D60F4CB54}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
    "TCP Query User{C4C52355-0E2E-45FC-9DC0-C61F4A46BA32}C:\program files\dell v105\dldnmon.exe" = protocol=6 | dir=in | app=c:\program files\dell v105\dldnmon.exe |
    "TCP Query User{EA9E0A16-15F9-46FF-BC7E-AD6E9DB3C533}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "UDP Query User{2D567B58-B21E-4184-A1EE-C2C1AC568C9C}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
    "UDP Query User{70B5BD99-09B3-45BA-986F-A9FE76AE1C50}C:\program files\dell v105\dldnmon.exe" = protocol=17 | dir=in | app=c:\program files\dell v105\dldnmon.exe |
    "UDP Query User{DB91608E-37CA-42C8-8697-CEE69994AF73}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{004098A1-0362-4C42-A1C3-CAD436CFF4A1}" = YouTube Downloader Toolbar v1.0
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{056E7B58-F436-9614-6CD3-1DFDDD7DA470}" = CCC Help Turkish
    "{0626167B-F30A-79EB-9B21-80B83468961A}" = CCC Help Chinese Traditional
    "{08D6F386-D362-805B-05D2-79E4AB4F9CB9}" = CCC Help Korean
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C1A6E72-2774-4443-8B92-402F06882341}" = AFL Live Premiership Edition
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.7
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2390D4C3-8CC7-2074-ACB9-A22ED2E1D4E9}" = CCC Help Portuguese
    "{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
    "{2555521A-9231-2F05-AEBE-FC1E2A7F825F}" = ccc-utility
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 27
    "{27C42F0C-9090-97F7-9338-B6BD6DC25BB1}" = CCC Help Japanese
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2BE84E12-E062-F989-BA16-25D53F343033}" = Skins
    "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{31CAC150-58B2-F696-D9EB-2FC16C3A8FAA}" = Catalyst Control Center Localization Portuguese
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO
    "{34475C54-DA68-DA37-E014-2ADD65AF627F}" = Catalyst Control Center Localization Hungarian
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3541D8B6-BE96-0E6B-8987-D1CE1FBF848A}" = CCC Help German
    "{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
    "{36EEFD4F-E34C-4491-B04A-DB8F85C3A021}" = Install
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{3A732171-7856-43BD-B828-39B9E2B3E195}" = Catalyst Control Center Localization Spanish
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4207500E-1543-47F3-1695-6728E6520903}" = Catalyst Control Center Graphics Full Existing
    "{4453BCB7-5327-F8D1-C048-851310A389EF}" = Catalyst Control Center Localization Turkish
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4925C0C2-E4E2-456B-9791-0F228BDDC428}" = Facebook Messenger 2.1.4570.0
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A2D8C96-7B4F-A66A-6773-23F7796F9BA2}" = CCC Help Spanish
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
    "{55BABDA1-8A1C-49BB-83B1-7B57B3C81B31}" = International Cricket Captain 2005
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A438E06-0BB3-4C5F-0085-B14F1F4077E6}" = FIFA 07
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{60379D61-4F60-4C0D-ADB0-7670BD513AE1}" = Pubs
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{66695FF9-B692-4C90-89EF-42A45AA4CF64}" = Cricket Captain 2008
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}" = Vegas Pro 11.0
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{6F8A6D44-5ABC-4C5A-9BD8-D6312EA1E9F8}" = BigPond Broadband ADSL
    "{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online
    "{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73E8E831-160A-6E74-1AAA-AB698E1986BC}" = CCC Help Hungarian
    "{76E29237-CCAB-CD1A-F8A1-6C3CFF002F26}" = Catalyst Control Center Graphics Previews Vista
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{782DCB70-3DF4-4366-00BF-E3767BCD173B}" = UEFA EURO 2004
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
    "{7A33E298-5BEA-7C94-C512-1DF1C977537E}" = Catalyst Control Center Localization Italian
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{853026E0-CD36-1790-7988-194CADDDFB25}" = ccc-core-static
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CC42289-E228-4A35-B8A9-015242283BB2}" = SPORE™ Creature Creator
    "{8D8E6D0B-5A57-9ABD-AEA2-C0052401C5F6}" = Catalyst Control Center Localization Chinese Traditional
    "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95E52415-B952-B013-A2AD-5163896D8B9C}" = Catalyst Control Center Graphics Full New
    "{97DF1C46-FCCE-4591-9974-5A12CE667B9D}" = Tournament Maker
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{988E1C18-0DB9-46DB-85CC-1F94498E0BEA}" = Tourney Master 3 Professional
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A1E79477-B730-7E48-7EFF-0D1CB3202933}" = Catalyst Control Center Graphics Previews Common
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}" = e-tax 2012
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B25E016C-44C2-856A-98A8-789D1E2B1C56}" = Catalyst Control Center Graphics Light
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B463BAAF-A379-AAF1-8979-6ED69C25ED37}" = Catalyst Control Center Localization Japanese
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{B6535881-39C2-403D-B63E-3780621AA8E4}" = League Watch
    "{B6CF1DB0-09E8-0A2E-A510-1F2F8BDE5ECF}" = CCC Help Italian
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BB6887DF-6657-4821-9AC1-E0C2AC279732}_is1" = Stunt Pilot v1.0
    "{BC60B681-C3A3-0363-DA09-FA9706ED9680}" = CCC Help Chinese Standard
    "{BD975DD2-D2E7-486E-98FC-A99828AD2EDF}" = Graphmatica
    "{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
    "{BECDD3A4-FEEC-9804-4782-F31A8A842361}" = CCC Help English
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C022906C-A509-33D1-E42B-FF92F8E7BED4}" = Catalyst Control Center Core Implementation
    "{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
    "{C3F9AC0D-3A6D-42F7-8A44-80335A366233}" = Install
    "{C4FFCD8D-3A06-E243-2747-2CE771A8B7D4}" = EA Download Manager UI
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CEFB418D-D277-43B0-9BA9-C5402455E625}" = Rugby 2004
    "{D035A6CA-E9DD-4B40-66F8-15842888E447}" = Catalyst Control Center Localization French
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
    "{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
    "{E453921D-30B6-7692-179C-6F6112F18F81}" = Catalyst Control Center Localization Chinese Standard
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
    "{EA853B19-A618-8D18-F4A4-6B96083DC3A3}" = Catalyst Control Center Localization Korean
    "{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{EE89DCAD-37AD-4B43-B466-DB8FFEB083C5}" = Tourney Master 3 Ultimate
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
    "{F4953044-0533-4F01-B0FC-1D271AB998D8}" = Inkjet Toolbox
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FE46238E-2FB4-C9E1-323D-AD0DA64BED91}" = Catalyst Control Center Localization German
    "{FFC59020-35A5-4856-B0FB-23B95D6C2976}" = CCC Help French
    "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.04.8007
    "3B7076EB3C51070DE9D6902E9696507D9B471345" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (03/27/2006 5.1213.06.0327)
    "7-Zip" = 7-Zip 4.65
    "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2004
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "Battle_Rush_is1" = Battle Rush
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "Chessmaster 7000" = Chessmaster 7000
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
    "Combat Arms" = Combat Arms
    "Combat Chess" = Combat Chess
    "conduitEngine" = Conduit Engine
    "CrazyForCricket_3kbar Uninstall" = CrazyForCricket
    "Cricket Coach 2007" = Cricket Coach 2007 (remove only)
    "Cricket Coach 2007_is1" = Cricket Coach 2007
    "Cross Fire_is1" = Cross Fire En
    "Cyber Chess" = Cyber Chess
    "Dell Support Center" = Dell Support Center
    "Dell V105" = Dell V105
    "EA Download Manager" = EA Download Manager
    "Elf_1.15 Toolbar" = Elf 1.15 Toolbar
    "ESN Sonar-0.70.4" = ESN Sonar
    "Five-A-Side Football" = Five-A-Side Football
    "Football Champions Quiz" = Football Champions Quiz 1.21.WM.GR
    "Football Superstars_is1" = Football Superstars
    "Fraps" = Fraps
    "Game Booster_is1" = Game Booster
    "Google Desktop" = Google Desktop
    "HiGames Toolbar" = HiGames Toolbar
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "HPExtendedCapabilities" = HP Customer Participation Program 10.0
    "HyperCam 2" = HyperCam 2
    "HyperCam Toolbar" = HyperCam Toolbar
    "InstallShield_{66695FF9-B692-4C90-89EF-42A45AA4CF64}" = Cricket Captain 2008
    "InstallShield_{988E1C18-0DB9-46DB-85CC-1F94498E0BEA}" = Tourney Master 3 Professional
    "InstallShield_{EE89DCAD-37AD-4B43-B466-DB8FFEB083C5}" = Tourney Master 3 Ultimate
    "InterActual Player" = InterActual Player
    "IObitBartoolbar Uninstall" = IObit Toolbar
    "Kick'n'Rush 2006" = KICKNRUSH (remove only)
    "LAME_is1" = LAME v3.99.3 (for Windows)
    "LegoChessDeInstKey" = LEGO Chess
    "LimeWire" = LimeWire 4.18.8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "midicase Toolbar" = midicase Toolbar
    "MinecraftCrack1.0" = MinecraftCrack
    "MiniGolfPro_is1" = Mini Golf Pro
    "Motoracing_is1" = Motoracing
    "Nitro Racers_is1" = Nitro Racers
    "PunkBusterSvc" = PunkBuster Services
    "RealBowling_is1" = Real Bowling
    "Shop for HP Supplies" = Shop for HP Supplies
    "Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
    "Steam App 440" = Team Fortress 2
    "Swiss" = Swiss Perfect 98
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "Tournament Bracket Builder_is1" = Tournament Bracket Builder 1.2
    "Ultimate Chess and Checkers" = Ultimate Chess and Checkers
    "Ultravnc2_is1" = UltraVNC 1.0.8.2
    "WinLiveSuite" = Windows Live Essentials
    "Xfire" = Xfire (remove only)
    "XfireXO Toolbar" = XfireXO Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2530732781-1678084383-3266196856-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "d3e04f01a1b5edfb" = CrossFire Hack
    "EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.1.0
    "Game Organizer" = EasyBits GO
    "Google Chrome" = Google Chrome
    "Power Loader" = Power Challenge Game Plugin
    "UnityWebPlayer" = Unity Web Player
    "uTorrent" = µTorrent

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 15/07/2012 6:46:40 PM | Computer Name = Greg-PC | Source = MsiInstaller | ID = 11706
    Description =

    Error - 15/07/2012 6:46:44 PM | Computer Name = Greg-PC | Source = MsiInstaller | ID = 11706
    Description =

    Error - 15/07/2012 6:46:47 PM | Computer Name = Greg-PC | Source = MsiInstaller | ID = 11706
    Description =

    Error - 15/07/2012 6:46:51 PM | Computer Name = Greg-PC | Source = MsiInstaller | ID = 11706
    Description =

    Error - 15/07/2012 7:00:14 PM | Computer Name = Greg-PC | Source = Perflib | ID = 1008
    Description =

    Error - 16/07/2012 3:32:08 AM | Computer Name = Greg-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1033
    Description =

    Error - 16/07/2012 3:33:35 AM | Computer Name = Greg-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 16/07/2012 3:36:58 AM | Computer Name = Greg-PC | Source = MsiInstaller | ID = 11706
    Description =

    Error - 16/07/2012 3:37:08 AM | Computer Name = Greg-PC | Source = MsiInstaller | ID = 11706
    Description =

    Error - 16/07/2012 3:37:26 AM | Computer Name = Greg-PC | Source = MsiInstaller | ID = 11706
    Description =

    Error - 16/07/2012 3:37:33 AM | Computer Name = Greg-PC | Source = MsiInstaller | ID = 11706
    Description =

    [ OSession Events ]
    Error - 13/09/2010 2:25:52 AM | Computer Name = Greg-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 815
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 12/03/2012 4:13:43 AM | Computer Name = Greg-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5396
    seconds with 1020 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 15/07/2012 10:40:28 PM | Computer Name = Greg-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 15/07/2012 10:40:29 PM | Computer Name = Greg-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 16/07/2012 3:33:36 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 16/07/2012 3:33:36 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 16/07/2012 3:33:36 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 16/07/2012 3:33:36 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 16/07/2012 3:33:40 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 16/07/2012 3:33:40 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 16/07/2012 3:36:50 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 16/07/2012 3:36:50 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7011
    Description =


    < End of report >
  8. Johnny270268

    Johnny270268 Newcomer, in training Topic Starter Posts: 81

    I'll await further instruction from you Broni,


    Thanks and appreciation for everything you have done for me thus far :cool:
  9. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2010/02/19 19:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
      SRV - [2010/02/19 19:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva394.sys -- (XDva394)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva390.sys -- (XDva390)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva388.sys -- (XDva388)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva386.sys -- (XDva386)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva384.sys -- (XDva384)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva383.sys -- (XDva383)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva382.sys -- (XDva382)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva379.sys -- (XDva379)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva377.sys -- (XDva377)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva375.sys -- (XDva375)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva374.sys -- (XDva374)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva372.sys -- (XDva372)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva370.sys -- (XDva370)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva368.sys -- (XDva368)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva367.sys -- (XDva367)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva366.sys -- (XDva366)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva362.sys -- (XDva362)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva361.sys -- (XDva361)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva359.sys -- (XDva359)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva358.sys -- (XDva358)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva352.sys -- (XDva352)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva349.sys -- (XDva349)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva348.sys -- (XDva348)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva347.sys -- (XDva347)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva346.sys -- (XDva346)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva345.sys -- (XDva345)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva344.sys -- (XDva344)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva342.sys -- (XDva342)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva341.sys -- (XDva341)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva337.sys -- (XDva337)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva336.sys -- (XDva336)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
      IE - HKU\.DEFAULT\..\URLSearchHook: {7757CBCC-0975-4b79-A519-90B142CA3A23} - No CLSID value found
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53153
      IE - HKU\S-1-5-18\..\URLSearchHook: {7757CBCC-0975-4b79-A519-90B142CA3A23} - No CLSID value found
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53153
      IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
      IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\URLSearchHook: {970a72ad-2603-4b4e-bb28-aff6ab80cccd} - No CLSID value found
      O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk = File not found
      O15 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..Trusted Domains: localhost ([]http in Local intranet)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/07/02 20:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
      @Alternate Data Stream - 64 bytes -> C:\Users\Greg\Documents\Midget 2.avi:TOC.WMV
      @Alternate Data Stream - 64 bytes -> C:\Users\Greg\Documents\Midget 1.avi:TOC.WMV
      @Alternate Data Stream - 64 bytes -> C:\Users\Greg\Documents\Jessica Alba.avi:TOC.WMV
      @Alternate Data Stream - 64 bytes -> C:\Users\Greg\Documents\charlie.avi:TOC.WMV
      @Alternate Data Stream - 64 bytes -> C:\Users\Greg\Documents\Charlie and Mia.avi:TOC.WMV
      @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:40416C60
      @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6E009657
      @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:F65D490F
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
      @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Application Updater\ApplicationUpdater.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  10. Johnny270268

    Johnny270268 Newcomer, in training Topic Starter Posts: 81

    Hi Broni,

    OTL Run Fix log for your perusal,


    All processes killed
    ========== OTL ==========
    Process ApplicationUpdater.exe killed successfully!
    Service Application Updater stopped successfully!
    Service Application Updater deleted successfully!
    C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
    Service XDva397 stopped successfully!
    Service XDva397 deleted successfully!
    File C:\Windows\system32\XDva397.sys not found.
    Service XDva394 stopped successfully!
    Service XDva394 deleted successfully!
    File C:\Windows\system32\XDva394.sys not found.
    Service XDva392 stopped successfully!
    Service XDva392 deleted successfully!
    File C:\Windows\system32\XDva392.sys not found.
    Service XDva391 stopped successfully!
    Service XDva391 deleted successfully!
    File C:\Windows\system32\XDva391.sys not found.
    Service XDva390 stopped successfully!
    Service XDva390 deleted successfully!
    File C:\Windows\system32\XDva390.sys not found.
    Service XDva388 stopped successfully!
    Service XDva388 deleted successfully!
    File C:\Windows\system32\XDva388.sys not found.
    Service XDva386 stopped successfully!
    Service XDva386 deleted successfully!
    File C:\Windows\system32\XDva386.sys not found.
    Service XDva385 stopped successfully!
    Service XDva385 deleted successfully!
    File C:\Windows\system32\XDva385.sys not found.
    Service XDva384 stopped successfully!
    Service XDva384 deleted successfully!
    File C:\Windows\system32\XDva384.sys not found.
    Service XDva383 stopped successfully!
    Service XDva383 deleted successfully!
    File C:\Windows\system32\XDva383.sys not found.
    Service XDva382 stopped successfully!
    Service XDva382 deleted successfully!
    File C:\Windows\system32\XDva382.sys not found.
    Service XDva380 stopped successfully!
    Service XDva380 deleted successfully!
    File C:\Windows\system32\XDva380.sys not found.
    Service XDva379 stopped successfully!
    Service XDva379 deleted successfully!
    File C:\Windows\system32\XDva379.sys not found.
    Service XDva377 stopped successfully!
    Service XDva377 deleted successfully!
    File C:\Windows\system32\XDva377.sys not found.
    Service XDva375 stopped successfully!
    Service XDva375 deleted successfully!
    File C:\Windows\system32\XDva375.sys not found.
    Service XDva374 stopped successfully!
    Service XDva374 deleted successfully!
    File C:\Windows\system32\XDva374.sys not found.
    Service XDva372 stopped successfully!
    Service XDva372 deleted successfully!
    File C:\Windows\system32\XDva372.sys not found.
    Service XDva370 stopped successfully!
    Service XDva370 deleted successfully!
    File C:\Windows\system32\XDva370.sys not found.
    Service XDva368 stopped successfully!
    Service XDva368 deleted successfully!
    File C:\Windows\system32\XDva368.sys not found.
    Service XDva367 stopped successfully!
    Service XDva367 deleted successfully!
    File C:\Windows\system32\XDva367.sys not found.
    Service XDva366 stopped successfully!
    Service XDva366 deleted successfully!
    File C:\Windows\system32\XDva366.sys not found.
    Service XDva362 stopped successfully!
    Service XDva362 deleted successfully!
    File C:\Windows\system32\XDva362.sys not found.
    Service XDva361 stopped successfully!
    Service XDva361 deleted successfully!
    File C:\Windows\system32\XDva361.sys not found.
    Service XDva359 stopped successfully!
    Service XDva359 deleted successfully!
    File C:\Windows\system32\XDva359.sys not found.
    Service XDva358 stopped successfully!
    Service XDva358 deleted successfully!
    File C:\Windows\system32\XDva358.sys not found.
    Service XDva352 stopped successfully!
    Service XDva352 deleted successfully!
    File C:\Windows\system32\XDva352.sys not found.
    Service XDva349 stopped successfully!
    Service XDva349 deleted successfully!
    File C:\Windows\system32\XDva349.sys not found.
    Service XDva348 stopped successfully!
    Service XDva348 deleted successfully!
    File C:\Windows\system32\XDva348.sys not found.
    Service XDva347 stopped successfully!
    Service XDva347 deleted successfully!
    File C:\Windows\system32\XDva347.sys not found.
    Service XDva346 stopped successfully!
    Service XDva346 deleted successfully!
    File C:\Windows\system32\XDva346.sys not found.
    Service XDva345 stopped successfully!
    Service XDva345 deleted successfully!
    File C:\Windows\system32\XDva345.sys not found.
    Service XDva344 stopped successfully!
    Service XDva344 deleted successfully!
    File C:\Windows\system32\XDva344.sys not found.
    Service XDva342 stopped successfully!
    Service XDva342 deleted successfully!
    File C:\Windows\system32\XDva342.sys not found.
    Service XDva341 stopped successfully!
    Service XDva341 deleted successfully!
    File C:\Windows\system32\XDva341.sys not found.
    Service XDva337 stopped successfully!
    Service XDva337 deleted successfully!
    File C:\Windows\system32\XDva337.sys not found.
    Service XDva336 stopped successfully!
    Service XDva336 deleted successfully!
    File C:\Windows\system32\XDva336.sys not found.
    Service EagleXNt stopped successfully!
    Service EagleXNt deleted successfully!
    File C:\Windows\system32\drivers\EagleXNt.sys not found.
    Service EagleNT stopped successfully!
    Service EagleNT deleted successfully!
    File C:\Windows\system32\drivers\EagleNT.sys not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7757CBCC-0975-4b79-A519-90B142CA3A23} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7757CBCC-0975-4b79-A519-90B142CA3A23}\ not found.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7757CBCC-0975-4b79-A519-90B142CA3A23} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7757CBCC-0975-4b79-A519-90B142CA3A23}\ not found.
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-2530732781-1678084383-3266196856-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{970a72ad-2603-4b4e-bb28-aff6ab80cccd} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{970a72ad-2603-4b4e-bb28-aff6ab80cccd}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{970a72ad-2603-4b4e-bb28-aff6ab80cccd}\ deleted successfully.
    C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk moved successfully.
    Registry key HKEY_USERS\S-1-5-21-2530732781-1678084383-3266196856-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Program Files\Ask.com\Updater folder moved successfully.
    C:\Program Files\Ask.com\assets\oobe folder moved successfully.
    C:\Program Files\Ask.com\assets folder moved successfully.
    C:\Program Files\Ask.com folder moved successfully.
    ADS C:\Users\Greg\Documents\Midget 2.avi:TOC.WMV deleted successfully.
    ADS C:\Users\Greg\Documents\Midget 1.avi:TOC.WMV deleted successfully.
    ADS C:\Users\Greg\Documents\Jessica Alba.avi:TOC.WMV deleted successfully.
    ADS C:\Users\Greg\Documents\charlie.avi:TOC.WMV deleted successfully.
    ADS C:\Users\Greg\Documents\Charlie and Mia.avi:TOC.WMV deleted successfully.
    ADS C:\ProgramData\TEMP:40416C60 deleted successfully.
    ADS C:\ProgramData\TEMP:6E009657 deleted successfully.
    ADS C:\ProgramData\TEMP:F65D490F deleted successfully.
    ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\Program Files\Application Updater\ApplicationUpdater.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Greg
    ->Temp folder emptied: 8267105 bytes
    ->Temporary Internet Files folder emptied: 24472888 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 6835023 bytes
    ->Apple Safari cache emptied: 174970880 bytes
    ->Flash cache emptied: 5269774 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 575507 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 210.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Greg
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Greg
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 07172012_105958
    Files\Folders moved on Reboot...
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVY3DAQX\bizo_multi[1].htm moved successfully.
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVY3DAQX\net[2].htm moved successfully.
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DA4PH5RD\partner[1].htm moved successfully.
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TB6GFVB\partner[1].htm moved successfully.
    File\Folder C:\Windows\temp\TMP000000014A87920E61C4C269 not found!
    PendingFileRenameOperations files...
    File C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
    File C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVY3DAQX\bizo_multi[1].htm not found!
    File C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVY3DAQX\net[2].htm not found!
    File C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DA4PH5RD\partner[1].htm not found!
    File C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TB6GFVB\partner[1].htm not found!
    File C:\Windows\temp\TMP000000014A87920E61C4C269 not found!
    Registry entries deleted on Reboot...
  11. Johnny270268

    Johnny270268 Newcomer, in training Topic Starter Posts: 81

    I'll now run Security Check and post log ASAP
     
  12. Johnny270268

    Johnny270268 Newcomer, in training Topic Starter Posts: 81

    Security Check Log for your perusal,


    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 27
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 11.3.300.265
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````
  13. Johnny270268

    Johnny270268 Newcomer, in training Topic Starter Posts: 81

    Farbar SS Log for your perusal,

    Farbar Service Scanner Version: 08-07-2012
    Ran by Greg (administrator) on 17-07-2012 at 11:31:04
    Running from "C:\Users\Greg\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****
  14. Johnny270268

    Johnny270268 Newcomer, in training Topic Starter Posts: 81

    Temp File Cleaner log. No reboot required by program,


    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Greg
    ->Temp folder emptied: 151400 bytes
    ->Temporary Internet Files folder emptied: 5727311 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 17407 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102977868 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 0 bytes
    Process complete!

    Total Files Cleaned = 104.00 mb
  15. Johnny270268

    Johnny270268 Newcomer, in training Topic Starter Posts: 81

    Running ESATScan Log. Will post log ASAP :)
  16. Johnny270268

    Johnny270268 Newcomer, in training Topic Starter Posts: 81

    ESATScan log for your perusal, I shall await further instruction from you Broni :)


    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kdatact.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3khtml.dll probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3khtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kPlugin.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kskin.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
    C:\Program Files\CrazyForCricket_3kEI\Installr\2.bin\3kEIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Program Files\CrazyForCricket_3kEI\Installr\2.bin\3kEZSETP.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Program Files\CrazyForCricket_3kEI\Installr\2.bin\NP3kEISb.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Program Files\HyperCam Toolbar\UninstallToolbar.exe Win32/Somoto application cleaned by deleting - quarantined
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20100701-165212-683.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20100701-165212-813.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Program Files\Yontoo Layers Client\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
    C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
    C:\Program Files\YouTube Downloader Toolbar\WidgiHelper.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\Automated Content Enhancer\4.2.0.5360\ACEIeaddon.dll.vir a variant of Win32/Adware.DoubleD.AQ application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFAddOn.dll.vir Win32/Adware.DoubleD.AE application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\Content Management Wizard\1.2.0.2080\CMWIe.dll.vir a variant of Win32/Adware.DoubleD.AI application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\Customized Platform Advancer\4.2.0.2050\CPAIEAddOn.dll.vir a variant of Win32/Adware.DoubleD.AQ application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3DTactl.dll.vir Win32/FunWeb application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL.vir Win32/FunWeb application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTmlmu.dll.vir Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTtpct.dll.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL.vir Win32/FunWeb application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REGHK.DLL.vir Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir Win32/FunWeb application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCrctr.dll.vir Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL.vir Win32/FunWeb application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL.vir a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE.vir Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.K application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\Web Search Operator\4.2.0.2150\FF\components\WSOFFAddOn.dll.vir a variant of Win32/Adware.DoubleD.AP application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\YouTube Downloader Toolbar\SeARchsettings.dll.vir Win32/Toolbar.Widgi application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Windows\System32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Users\Greg\AppData\LocalLow\CrazyForCricket_3kEI\Installr\Cache\0046B9ED.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
    C:\Users\Greg\Documents\CROSSFIRE ZP MEGA HACK PACK2010.zip a variant of MSIL/PSW.Agent.NER trojan deleted - quarantined
    C:\Users\Greg\Documents\CROSSFIRE ZP MEGA HACK PACK2010\CROSSFIRE ZP MEGA HACK PACK2010\CrossFire ZP Generator.exe a variant of MSIL/PSW.Agent.NER trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\07172012_105958\C_Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
  17. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
  18. Johnny270268

    Johnny270268 Newcomer, in training Topic Starter Posts: 81

    OTL Run Fix 2 for your perusal,


    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Greg
    ->Temp folder emptied: 231927 bytes
    ->Temporary Internet Files folder emptied: 15455674 bytes
    ->Java cache emptied: 2027 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 11583 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 15.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Greg
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Greg
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.54.0 log created on 07172012_143510
    Files\Folders moved on Reboot...
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5KQVTP0\partner[1].htm moved successfully.
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5KQVTP0\partner[2].htm moved successfully.
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NQTSZ6S\918[1].htm moved successfully.
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NQTSZ6S\bizo_multi[1].htm moved successfully.
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NQTSZ6S\partner[1].htm moved successfully.
    PendingFileRenameOperations files...
    File C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
    File C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5KQVTP0\partner[1].htm not found!
    File C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5KQVTP0\partner[2].htm not found!
    File C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NQTSZ6S\918[1].htm not found!
    File C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NQTSZ6S\bizo_multi[1].htm not found!
    File C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NQTSZ6S\partner[1].htm not found!
    Registry entries deleted on Reboot...
     
  19. Johnny270268

    Johnny270268 Newcomer, in training Topic Starter Posts: 81

    Hi again Broni. Currently running PSI. I will report back shortly :)
  20. Broni

    Broni Malware Annihilator Posts: 46,169   +251

  21. Johnny270268

    Johnny270268 Newcomer, in training Topic Starter Posts: 81

    Hi Broni,

    All scans have completed successfully ;)

    I downloaded and installed File Hippo updater but every time I reboot the computer Windows blocks it until I give it permission. I personally wouldn't be concerned but this is a relative's computer, and he was annoyed by it, so I uninstalled it again.

    The computer performance is spot on and MSE and Malwarebytes are working great in tandem (no conflicts). I made a list of these and the other programmes (WOT, TFC) and a schedule for their use. I've printed this off so that he can refer to it for daily, weekly security maintenance. I did recommend he purchase Malwarebytes for real-time protection so hopefully he'll do this. I can keep an eye on all that for him anyway :) .

    As usual, it has taken me a while to respond :D , but I had to go to a meeting last night and call at a client's place on the way home. I came home and pretty much went to bed and have only just gotten up. I mean no disrespect.

    I cannot thank you enough for your services, Broni, I was at a total loss and your cool, calm, professional approach is a godsend to folks like me. You do TechSpot a proud service. If I may, I would like to send a donation your way. I will use the link in your signature here to do that.

    I truly hope that I may avail myself of your services again in the future as I get people who come to me with their virus problems (all manner of general computer problems) and although I'm pretty good at this, sometimes I would just like to consult the best.

    That's you man! :cool:
  22. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Yes!!
    Good luck and stay safe :)

