Solved Response to "8-step Viruses/Spyware/Malware Preliminary Removal Instructions"

Status
Not open for further replies.
W

WonderGirls

Posts: 46   +0
So I got hit with the new MSN virus or malware that's been going around and I did the 8-step procedure but I'm too scared to re-install MSN until I know for sure the whole virus or malware is gone.

GMER will be uploaded soon somehow the log didn't save so I'll have to run it again. Hope you can make something out of this for the meanwhile.

A fast reply would be nice. Thanks.

EDIT: Well GMER gives me nothing to save or to copy, no system modifications found. So, I can't upload a blank page.

EDIT: Whoops forgot to add my MBAM log. V: I'll get on that!

MBAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4359

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

27/07/2010 2:32:12 PM
mbam-log-2010-07-27 (14-32-12).txt

Scan type: Quick scan
Objects scanned: 138249
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Windows\jusched.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi (Adware.Zwunzi) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\java developer script browse (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Chris\downloads\PIC3367576676-JPG-www.facebook.com.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\jusched.exe (Trojan.Agent) -> Quarantined and deleted successfully.
 

Attachments

  • Attach.txt
    6.5 KB · Views: 0
  • DDS.txt
    24.6 KB · Views: 2
1. Welcome aboard :)
2. Do NOT bump your topic after merely 3 hours of no reply. We don't provide "911" service, because we're all volunteers and we're not here 24/7. We work, eat and we have private lives too.

Now...

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Sorry about the bumps I'm just anxious about this virus or malware thing.

Here are the logs:

OTL Extras logfile created on: 27/07/2010 6:54:20 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Chris\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 56.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.52 Gb Total Space | 420.41 Gb Free Space | 72.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 96 05 03 CA 58 75 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1528BD2E-4ADB-4A6B-ADDF-B6176A3D475E}" = lport=62607 | protocol=6 | dir=in | name=s4 league |
"{33687CBB-D77A-47E3-88E6-7E55C2709FD4}" = lport=28002 | protocol=6 | dir=in | name=a |
"{33C9CBAA-4FE9-4B9E-B239-2343159ACA82}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{3D84BC7A-7431-46D7-8F8C-87FB090BE6B2}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{433E44F4-1E5C-45A0-9D82-31B90FF9497B}" = lport=6112 | protocol=17 | dir=in | name=a |
"{46D12291-9723-459C-B051-1ABE1C7C2860}" = lport=62609 | protocol=6 | dir=in | name=s4 league |
"{914B93DB-0FC6-47D4-B718-E926B904942A}" = lport=28013 | protocol=6 | dir=in | name=a |
"{AE6D6415-5289-4292-8CF8-8F21385D506A}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{B2649286-4B55-4AA5-8094-6D161626BA27}" = lport=62608 | protocol=6 | dir=in | name=s4 league |
"{BBCC269C-2E3F-4BE7-9BBA-8F0A9BA59BD9}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{C989710B-D595-4031-B334-0F57A00783AE}" = lport=50936 | protocol=6 | dir=in | name=akamai netsession interface |
"{E24F55AF-6CB7-4AF6-9246-EE12E7A1014C}" = lport=28008 | protocol=6 | dir=in | name=a |
"{FA640447-0B1E-4E56-B91C-8B3E8531B2EE}" = lport=28012 | protocol=6 | dir=in | name=a |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B8FBCA-6DD5-4F1B-B3BF-D3856D8EFB42}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{06778477-03DC-45D9-9DE5-D29BB91BE4FC}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{1573892A-4CCA-459A-8582-282986BD830D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{21D1976C-F938-4C9C-B792-D2C6AF06B251}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3C3B97BE-F143-47A7-9E06-DA8C286F85F0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{436B8613-E1E3-46AB-AD88-DD0BA42A2FAF}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{4F0EB19C-2511-4547-93E6-EC8C4625AA76}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5ACFADA8-FDA1-4FD0-A955-BEC5DC36A42E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6579C560-A96E-4761-885E-7284F68C02DC}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{6CBA765B-1986-4DCA-8824-E450999A8E7C}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{7A2254C3-168A-4775-B4C1-5A2A54367BE1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{7C8B2BA7-CE36-45A0-B887-788119C3066E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7D5714F2-8D26-49CC-8727-53B29C1F9E1F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{89670EAC-6FEB-4D7A-A039-0ABB0D046E3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8CF5E9AC-9593-4A45-B45B-F8F815C5AEE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{9CC0CA2A-A56E-4F5D-B7BB-39DCC07770A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9D20FB11-33E8-482C-B846-55E9F43AC383}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{A25EFCBE-2C3B-4141-A497-AB707770BACF}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{AF68B2E1-AC28-49E6-B47C-6D4C634A583E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B19E047C-904A-43F9-A686-00C8B4C037B3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BA9E8904-5AF3-4223-8575-57C6BAA6F20F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C1E8A4DA-40EA-4483-ACD5-EEF1F956DC3F}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{C600F70F-AB5A-422E-9EC0-9837429AADBD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C7AD4B2B-F2DD-4782-A386-2E53536163AD}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{C8732969-649B-4331-B662-8CB016DEADA2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{CC1B53AB-9705-43AF-AD3E-3FE39F381FC7}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{CFA6B5EB-6BF1-44C5-9B17-20E8D349EA82}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D2092EE6-0816-4460-9A99-EF6304C8DB82}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{D4C76D22-0DBE-4C02-B6A5-DC31D667EB35}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E1EC16A2-4AD6-45C0-BBC1-0D731EF39036}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E58DF3E3-4652-4C6D-939D-16A51FA00CA8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F2641814-B9D8-4D5D-931B-7C639F6C3967}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F6C3F33F-81F1-47B5-BC26-187C05DD297F}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{F715E153-9039-42F7-B995-86FC8C3AD5E7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{FFC58E13-9BB2-4DE4-92AA-BC1D739C76E5}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"TCP Query User{34E5E811-8D33-4068-9909-12BE95CB0CEB}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{3CBC8FB6-5DD3-412B-BD1D-790874324A4D}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{8D40CA54-5853-47C4-9790-82666EF78ECD}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{C4B0FB50-58F5-4AB4-AD3F-85FFFEB53716}C:\program files (x86)\gamescampus\asdastory\system\log\error exception request.err" = protocol=6 | dir=in | app=c:\program files (x86)\gamescampus\asdastory\system\log\error exception request.err |
"UDP Query User{001DE772-E222-42E9-9816-7A4E3D8B2AF9}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{79FB546A-9063-404A-B90B-0A155DEC4285}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{BDB3944A-CE6A-4E70-9B4A-09FF107C8FD5}C:\program files (x86)\gamescampus\asdastory\system\log\error exception request.err" = protocol=17 | dir=in | app=c:\program files (x86)\gamescampus\asdastory\system\log\error exception request.err |
"UDP Query User{D4A332C5-E224-4602-B0AC-71309718299B}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8F790958-2107-48F2-88E0-B352A0C225AB}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{C4E9AECF-A522-E656-9909-20269C9BDF73}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F41CB1E8-4F70-9F2F-1C8A-3D17156D451C}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0017A998-81D6-3C60-37BA-CC0270227FE4}" = CCC Help Norwegian
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308138-2A97-6457-DEFD-A9DAA0A4BB6B}" = Catalyst Control Center Localization Spanish
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0AD63F91-AC37-E543-AB30-2E31F101C6FD}" = Skins
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1294D937-4D0A-2481-0AE5-713E10803544}" = CCC Help Japanese
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EFAA3FF-06D7-463A-0116-5AF5A9801BC3}" = Catalyst Control Center Localization Swedish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C11389D-7D84-25A8-6511-EDAC3C894CDF}" = Catalyst Control Center Localization Norwegian
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3474C36B-005C-5D61-3806-319C9F22B014}" = Catalyst Control Center Localization Finnish
"{3510C83C-0103-D6A6-42E2-2393D95E130A}" = Catalyst Control Center Graphics Full New
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{465E6ED3-E9C8-0578-2EAF-14306B537947}" = Catalyst Control Center Core Implementation
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{475CEB7F-F373-743A-AC19-7CE00D01A74A}" = ViiKii Desktop Plug-in
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5506C4D6-B86C-841A-C8FB-C0A1778DE588}" = Catalyst Control Center Localization Danish
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5903BD7F-67A1-3EB7-1E38-D8E916DA18C6}" = CCC Help Dutch
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64D7A8CF-A1C5-F905-437F-E71DB9C20318}" = CCC Help Spanish
"{675F649A-1775-7D59-0724-906116A4FA41}" = Catalyst Control Center Localization Italian
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70080BD1-A2DE-E4B2-AB57-4C1A940BCC72}" = Catalyst Control Center Localization German
"{739941B6-3C0F-290A-0B76-08C7CEA6F0F3}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83A0E37B-17DF-161A-7D5F-6CEB5B59D8C5}" = CCC Help French
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{895B75F0-0EDA-6CC3-03FA-18068BC27ED4}" = Catalyst Control Center Localization Dutch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9CF9ED6F-4AAC-DF47-0B98-D77B44F8FE58}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2E92CF8-8D2F-4203-B5C4-177174472C9A}" = The Typing of The Dead
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B69991AB-BE6D-C759-B3BC-5D318753592E}" = CCC Help Swedish
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3234E43-10BF-470E-BD2B-2E36EA29D11C}" = League of Legends
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C3F677EC-AC3C-22AD-FF91-1FF1918CB182}" = Catalyst Control Center Localization Japanese
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C885D139-5092-D20B-EC30-3FCAF3AC3EF2}" = CCC Help Danish
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{E0326792-4269-7E77-2CA0-FAE03F45A388}" = Catalyst Control Center Graphics Previews Vista
"{E0E21795-C479-927B-AE38-968CDBC932EF}" = ccc-core-static
"{E40096C5-F047-C5A9-7119-A4DFB0DE0775}" = Catalyst Control Center Localization French
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}" = KB0817 Keyboard Driver
"{ED854376-A148-5760-598B-EF3EFD647222}" = Catalyst Control Center Graphics Full Existing
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2F704C8-0B59-A3B3-D69B-805D06629B08}" = CCC Help Italian
"{F8C7A3FD-81B8-E9F1-7989-D138A7D59047}" = Catalyst Control Center Graphics Light
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD06CF26-F9DB-C201-B3B0-6155DAB99514}" = CCC Help German
"{FD3D5956-1F39-9DA1-5780-4749847B965A}" = CCC Help Finnish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface
"AsdaStory" = AsdaStory
"AsdaStoy" = AsdaStoy
"Audacity_is1" = Audacity 1.2.6
"BitTorrent" = BitTorrent
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Fraps" = Fraps (remove only)
"Game Booster_is1" = Game Booster
"GAMESCAMPUSSOULMASTER" = SoulMaster
"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.6
"Gateway Screensaver" = Gateway ScreenSaver
"GOM Player" = GOM Player
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MangaFighter" = MangaFighter
"Messenger Plus! Live" = Messenger Plus! Live
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"Steam App 550" = Left 4 Dead 2
"Steam App 630" = Alien Swarm
"TeamViewer 5" = TeamViewer 5
"ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1" = ViiKii Desktop Plug-in
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"XPMP" = Xfire Plus: Music Plugin

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/06/2010 3:19:20 PM | Computer Name = Home-PC | Source = EventSystem | ID = 4621
Description =

Error - 24/06/2010 3:20:37 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 24/06/2010 3:38:05 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/06/2010 12:29:49 AM | Computer Name = Home-PC | Source = EventSystem | ID = 4621
Description =

Error - 25/06/2010 12:07:16 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/06/2010 12:07:33 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/06/2010 12:51:45 PM | Computer Name = Home-PC | Source = EventSystem | ID = 4621
Description =

Error - 25/06/2010 12:53:36 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/06/2010 1:22:58 PM | Computer Name = Home-PC | Source = EventSystem | ID = 4621
Description =

Error - 25/06/2010 7:01:27 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 25/07/2010 2:17:49 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 25/07/2010 2:19:30 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 25/07/2010 2:19:30 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 25/07/2010 3:23:07 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 25/07/2010 3:23:07 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26/07/2010 5:00:12 PM | Computer Name = Home-PC | Source = DCOM | ID = 10005
Description =

Error - 26/07/2010 5:00:12 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 26/07/2010 5:00:12 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26/07/2010 10:17:56 PM | Computer Name = Home-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.71 for the Network Card with network
address 002511449CBA has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 27/07/2010 4:55:56 PM | Computer Name = Home-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 002511449CBA has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).


< End of report >
 
OTL logfile created on: 27/07/2010 6:54:20 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Chris\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 56.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.52 Gb Total Space | 420.41 Gb Free Space | 72.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/27 18:53:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
PRC - [2010/07/27 03:12:08 | 013,192,192 | ---- | M] () -- C:\GamesCampus\SoulMaster\smc.exe
PRC - [2010/06/29 21:37:40 | 000,030,192 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/06/28 20:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/21 05:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/04/29 18:55:02 | 002,938,552 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2009/09/27 16:08:27 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/05 11:51:22 | 000,123,904 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
PRC - [2009/04/11 00:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008/12/24 12:29:30 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2008/05/30 10:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/04/23 17:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
PRC - [2008/02/22 02:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008/02/01 11:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2007/01/08 14:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe


========== Modules (SafeList) ==========

MOD - [2010/07/27 18:53:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
MOD - [2008/01/20 20:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
SRV:64bit: - [2010/01/26 02:14:50 | 000,836,432 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009/12/17 20:15:23 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/29 08:06:07 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/07/29 08:06:05 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/07/29 08:05:42 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2008/10/03 03:38:46 | 000,908,800 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/20 15:39:40 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/29 21:37:40 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/25 17:01:14 | 002,561,624 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\rswin_3725.dll -- (Akamai)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/21 05:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/17 20:15:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/06 09:19:00 | 003,401,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2008/05/05 16:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/04 10:40:30 | 000,265,744 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2009/12/04 10:39:44 | 000,042,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2009/12/04 10:30:22 | 002,007,056 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vsapint.sys -- (vsapint)
DRV:64bit: - [2009/07/29 08:06:59 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2009/07/29 08:06:59 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/07/29 08:06:58 | 000,200,720 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/03 22:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/10/03 04:30:42 | 004,766,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/07/16 02:39:06 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2005/01/04 03:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4820&r=1v3609094606p03d5vq25k47024328
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4820&r=1v3609094606p03d5vq25k47024328
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/26 14:03:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/26 14:03:04 | 000,000,000 | ---D | M]

[2010/06/27 14:02:44 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2010/06/27 14:02:47 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\n2pj7jf4.default\extensions
[2010/06/27 14:02:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\n2pj7jf4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/27 14:02:47 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\n2pj7jf4.default\extensions\staged-xpis
[2010/06/05 16:21:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/27 12:31:18 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/05 16:21:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/05 16:21:23 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2010/01/22 17:03:54 | 000,000,021 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Xfire Music] C:\Program Files (x86)\Xfire\xfiremusic.exe ()
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========

[2010/07/27 14:25:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2010/07/27 14:24:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/27 14:24:35 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/27 14:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/27 14:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/22 15:54:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/07/21 16:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/21 16:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/21 16:44:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/16 16:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/07/16 16:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/07/16 16:17:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Real
[2010/07/15 15:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/07/09 18:39:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA
[2010/07/09 18:26:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\CyberLink
[2010/06/28 21:01:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\LolClient
[2010/06/28 17:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2010/06/28 17:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/06/28 14:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/06/28 14:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/06/28 14:42:03 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010/06/28 13:57:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\LeagueOfLegends6.8
[2010/06/26 17:32:58 | 000,000,000 | ---D | C] -- C:\Fraps
[2010/06/21 17:18:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\TeamSpeak 3 Client
[2010/06/18 17:23:15 | 000,198,504 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Chris\Tcpview.exe
[2010/06/17 17:28:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\Leatrix Latency Fix 1.21
[2010/06/16 16:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/16 16:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/16 16:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/14 19:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2010/06/13 15:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesCampus
[2010/06/04 21:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2010/05/27 19:06:55 | 000,000,000 | ---D | C] -- C:\Programme
[2010/05/23 20:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ViiKiiDesktopPlugin
[2010/05/21 12:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/05/08 14:39:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\S4_League_Trainer
[2010/04/30 17:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2010/04/29 20:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2010/04/29 20:11:21 | 000,000,000 | ---D | C] -- C:\Nexon
[2010/04/29 18:55:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\PMB Files
[2010/04/29 18:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files

========== Files - Modified Within 90 Days ==========

[2010/07/27 18:58:11 | 003,407,872 | ---- | M] () -- C:\Users\Chris\ntuser.dat
[2010/07/27 18:58:01 | 000,000,021 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2010/07/27 18:55:25 | 000,000,021 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2010/07/27 18:40:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2417309908-109424311-3726941342-1001UA.job
[2010/07/27 18:40:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2417309908-109424311-3726941342-1001Core.job
[2010/07/27 18:34:07 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/27 18:34:07 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/27 18:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/27 14:40:34 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/27 14:40:34 | 000,608,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/27 14:40:34 | 000,108,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/27 14:40:34 | 000,000,558 | ---- | M] () -- C:\Users\Chris\Desktop\q1hkvgbp - Shortcut.lnk
[2010/07/27 14:34:16 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/27 14:34:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/27 14:34:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/27 14:33:22 | 003,454,595 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010/07/27 14:33:22 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\ntuser.dat{dcebc351-4f29-11df-944a-002511449cba}.TMContainer00000000000000000001.regtrans-ms
[2010/07/27 14:33:22 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\ntuser.dat{dcebc351-4f29-11df-944a-002511449cba}.TM.blf
[2010/07/27 14:24:39 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/22 16:31:14 | 000,001,769 | ---- | M] () -- C:\Users\Chris\Desktop\SoulMaster.lnk
[2010/07/22 15:51:31 | 710,054,602 | ---- | M] () -- C:\Users\Chris\Desktop\SoulMaster_Setup.exe
[2010/07/21 16:46:02 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/18 20:25:42 | 000,002,437 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype (2).lnk
[2010/07/13 15:50:23 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/09 18:42:39 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2010/06/30 21:38:14 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/06/28 17:28:03 | 000,002,017 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk
[2010/06/28 15:47:04 | 000,001,356 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2010/06/28 14:45:05 | 000,001,495 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/26 17:43:38 | 000,058,368 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/21 17:18:43 | 000,001,016 | ---- | M] () -- C:\Users\Chris\Desktop\TeamSpeak 3 Client.lnk
[2010/06/19 14:38:22 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010/06/13 15:49:27 | 000,001,008 | ---- | M] () -- C:\Users\Chris\Desktop\Asdastory.lnk
[2010/06/11 18:05:34 | 002,906,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/31 21:10:33 | 000,010,439 | ---- | M] () -- C:\Users\Chris\Documents\Old blog layout.rtf
[2010/05/27 18:09:00 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/05/27 18:09:00 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2010/05/26 08:46:42 | 000,026,624 | ---- | M] () -- C:\Users\Chris\Documents\S4ItemManagerR9h.dll
[2010/05/25 18:37:37 | 000,002,006 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/05/22 21:55:16 | 000,070,760 | ---- | M] () -- C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/08 16:16:21 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/05/07 07:03:10 | 000,734,558 | ---- | M] () -- C:\Users\Chris\Documents\P18.exe
[2010/04/29 18:16:54 | 000,627,232 | ---- | M] () -- C:\Users\Chris\Documents\1238286226295.gif
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/07/27 14:40:34 | 000,000,558 | ---- | C] () -- C:\Users\Chris\Desktop\q1hkvgbp - Shortcut.lnk
[2010/07/27 14:24:39 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/22 15:56:16 | 000,001,769 | ---- | C] () -- C:\Users\Chris\Desktop\SoulMaster.lnk
[2010/07/22 14:45:18 | 710,054,602 | ---- | C] () -- C:\Users\Chris\Desktop\SoulMaster_Setup.exe
[2010/07/21 16:46:02 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/13 15:50:23 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/09 18:42:39 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/06/28 17:28:03 | 000,002,017 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk
[2010/06/28 14:47:46 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/06/28 14:45:05 | 000,001,495 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/21 17:18:43 | 000,001,016 | ---- | C] () -- C:\Users\Chris\Desktop\TeamSpeak 3 Client.lnk
[2010/06/19 14:38:22 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010/06/13 15:49:27 | 000,001,008 | ---- | C] () -- C:\Users\Chris\Desktop\Asdastory.lnk
[2010/05/31 21:10:33 | 000,010,439 | ---- | C] () -- C:\Users\Chris\Documents\Old blog layout.rtf
[2010/05/27 18:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/05/27 18:09:00 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2010/05/26 20:18:43 | 000,026,624 | ---- | C] () -- C:\Users\Chris\Documents\S4ItemManagerR9h.dll
[2010/05/25 18:37:37 | 000,002,006 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/05/25 18:35:40 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2417309908-109424311-3726941342-1001UA.job
[2010/05/25 18:35:40 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2417309908-109424311-3726941342-1001Core.job
[2010/05/08 16:16:21 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/05/07 07:03:09 | 000,734,558 | ---- | C] () -- C:\Users\Chris\Documents\P18.exe
[2010/04/29 18:16:53 | 000,627,232 | ---- | C] () -- C:\Users\Chris\Documents\1238286226295.gif
[2010/01/27 12:00:09 | 000,000,538 | ---- | C] () -- C:\Windows\mp3wavcon.ini
[2010/01/27 11:59:34 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009/12/03 15:27:10 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 15:26:20 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/29 18:26:33 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/10/27 17:40:45 | 000,000,121 | ---- | C] () -- C:\Windows\wininit.ini
[2009/09/27 16:12:57 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2009/09/27 16:12:57 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2010/07/09 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\BitTorrent
[2009/12/25 15:31:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Downloaded Installations
[2010/01/17 12:12:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2009/12/02 17:04:39 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IObit
[2010/06/28 21:01:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LolClient
[2009/10/25 16:38:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TeamViewer
[2009/10/04 19:15:03 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Template
[2010/01/10 16:38:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TS3Client
[2010/01/27 12:17:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WinFF
[2010/07/27 14:33:23 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/04/14 04:20:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2005/09/22 22:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/07/27 14:34:03 | 2460,229,631 | -HS- | M] () -- C:\pagefile.sys
[2009/04/14 02:07:58 | 000,001,932 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 09:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 09:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 09:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/12/04 20:40:19 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 00:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 20:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 03:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
 
Update your Java version here: http://www.java.com/en/download/installed.jsp
During installation, make sure to UN-check any pre-checked extra "garbage" installation, like Yahoo toolbar, or others (if offered).

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
 
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 5860051 bytes
->Temporary Internet Files folder emptied: 18450291 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 59978891 bytes
->Flash cache emptied: 1137 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Home
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49632 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 1057472 bytes

Total Files Cleaned = 81.00 mb


[EMPTYFLASH]

User: All Users

User: Chris
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Home
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07272010_193841

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Currently doing the scan will post the log after scan.
 
OTL logfile created on: 27/07/2010 7:42:33 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Chris\Desktop\Stuff
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 74.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.52 Gb Total Space | 424.73 Gb Free Space | 73.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/27 18:53:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\Stuff\OTL.exe
PRC - [2010/07/20 15:39:40 | 000,407,336 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2010/06/29 21:37:40 | 000,030,192 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/06/28 20:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/06/28 14:47:58 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/21 05:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/04/29 18:55:02 | 002,938,552 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2009/09/27 16:08:27 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/05 11:51:22 | 000,123,904 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
PRC - [2009/04/11 00:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008/12/24 12:29:30 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2008/05/30 10:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/04/23 17:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
PRC - [2008/02/01 11:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2007/01/08 14:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe


========== Modules (SafeList) ==========

MOD - [2010/07/27 18:53:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\Stuff\OTL.exe
MOD - [2008/01/20 20:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
SRV:64bit: - [2010/01/26 02:14:50 | 000,836,432 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009/12/17 20:15:23 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/29 08:06:07 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/07/29 08:06:05 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/07/29 08:05:42 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2008/10/03 03:38:46 | 000,908,800 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/20 15:39:40 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/29 21:37:40 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/25 17:01:14 | 002,561,624 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\rswin_3725.dll -- (Akamai)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/21 05:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/17 20:15:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/06 09:19:00 | 003,401,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/08/24 05:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/05/05 16:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/04 10:40:30 | 000,265,744 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2009/12/04 10:39:44 | 000,042,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2009/12/04 10:30:22 | 002,007,056 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vsapint.sys -- (vsapint)
DRV:64bit: - [2009/07/29 08:06:59 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2009/07/29 08:06:59 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/07/29 08:06:58 | 000,200,720 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/03 22:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/10/03 04:30:42 | 004,766,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/07/16 02:39:06 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2005/01/04 03:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4820&r=1v3609094606p03d5vq25k47024328
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4820&r=1v3609094606p03d5vq25k47024328
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/26 14:03:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/26 14:03:04 | 000,000,000 | ---D | M]

[2010/06/27 14:02:44 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2010/06/27 14:02:47 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\n2pj7jf4.default\extensions
[2010/06/27 14:02:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\n2pj7jf4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/27 14:02:47 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\n2pj7jf4.default\extensions\staged-xpis
[2010/07/27 19:34:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/27 12:31:18 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/05 16:21:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/27 19:34:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2010/01/22 17:03:54 | 000,000,021 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Xfire Music] C:\Program Files (x86)\Xfire\xfiremusic.exe ()
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/27 19:38:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/27 19:36:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Stuff
[2010/07/27 14:25:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2010/07/27 14:24:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/27 14:24:35 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/27 14:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/27 14:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/22 15:54:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/07/21 16:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/21 16:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/16 16:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/07/16 16:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/07/16 16:17:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Real
[2010/07/15 15:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/07/09 18:39:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA
[2010/07/09 18:26:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\CyberLink
[2010/06/28 21:01:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\LolClient
[2010/06/28 17:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2010/06/28 17:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/06/28 14:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/06/28 14:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/06/28 14:42:03 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010/06/28 13:57:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\LeagueOfLegends6.8
[2010/06/26 17:32:58 | 000,000,000 | ---D | C] -- C:\Fraps
[2010/06/21 17:18:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\TeamSpeak 3 Client
[2010/06/18 17:23:15 | 000,198,504 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Chris\Tcpview.exe
[2010/06/17 17:28:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\Leatrix Latency Fix 1.21
[2010/06/16 16:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/16 16:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/16 16:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/14 19:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2010/06/13 15:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesCampus
[2010/06/04 21:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2010/05/27 19:06:55 | 000,000,000 | ---D | C] -- C:\Programme
[2010/05/23 20:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ViiKiiDesktopPlugin
[2010/05/21 12:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/05/08 14:39:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\S4_League_Trainer
[2010/04/30 17:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2010/04/29 20:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2010/04/29 20:11:21 | 000,000,000 | ---D | C] -- C:\Nexon
[2010/04/29 18:55:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\PMB Files
[2010/04/29 18:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files

========== Files - Modified Within 90 Days ==========
 
[2010/07/27 19:46:39 | 003,407,872 | ---- | M] () -- C:\Users\Chris\ntuser.dat
[2010/07/27 19:46:23 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/27 19:46:23 | 000,608,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/27 19:46:23 | 000,108,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/27 19:46:23 | 000,000,021 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2010/07/27 19:44:17 | 000,000,021 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2010/07/27 19:41:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/27 19:40:05 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/27 19:40:05 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/27 19:40:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/27 19:40:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/27 19:39:12 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\ntuser.dat{dcebc351-4f29-11df-944a-002511449cba}.TMContainer00000000000000000001.regtrans-ms
[2010/07/27 19:39:12 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\ntuser.dat{dcebc351-4f29-11df-944a-002511449cba}.TM.blf
[2010/07/27 19:39:10 | 003,285,305 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010/07/27 19:16:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/27 18:40:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2417309908-109424311-3726941342-1001UA.job
[2010/07/27 18:40:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2417309908-109424311-3726941342-1001Core.job
[2010/07/22 16:31:14 | 000,001,769 | ---- | M] () -- C:\Users\Chris\Desktop\SoulMaster.lnk
[2010/07/22 15:51:31 | 710,054,602 | ---- | M] () -- C:\Users\Chris\Desktop\SoulMaster_Setup.exe
[2010/07/21 16:46:02 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/18 20:25:42 | 000,002,437 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype (2).lnk
[2010/07/13 15:50:23 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/09 18:42:39 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2010/06/30 21:38:14 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/06/28 17:28:03 | 000,002,017 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk
[2010/06/28 15:47:04 | 000,001,356 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2010/06/28 14:45:05 | 000,001,495 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/26 17:43:38 | 000,058,368 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/21 17:18:43 | 000,001,016 | ---- | M] () -- C:\Users\Chris\Desktop\TeamSpeak 3 Client.lnk
[2010/06/19 14:38:22 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010/06/13 15:49:27 | 000,001,008 | ---- | M] () -- C:\Users\Chris\Desktop\Asdastory.lnk
[2010/06/11 18:05:34 | 002,906,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/31 21:10:33 | 000,010,439 | ---- | M] () -- C:\Users\Chris\Documents\Old blog layout.rtf
[2010/05/27 18:09:00 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/05/27 18:09:00 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2010/05/26 08:46:42 | 000,026,624 | ---- | M] () -- C:\Users\Chris\Documents\S4ItemManagerR9h.dll
[2010/05/25 18:37:37 | 000,002,006 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/05/22 21:55:16 | 000,070,760 | ---- | M] () -- C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/08 16:16:21 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/05/07 07:03:10 | 000,734,558 | ---- | M] () -- C:\Users\Chris\Documents\P18.exe
[2010/04/29 18:16:54 | 000,627,232 | ---- | M] () -- C:\Users\Chris\Documents\1238286226295.gif
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/07/22 15:56:16 | 000,001,769 | ---- | C] () -- C:\Users\Chris\Desktop\SoulMaster.lnk
[2010/07/22 14:45:18 | 710,054,602 | ---- | C] () -- C:\Users\Chris\Desktop\SoulMaster_Setup.exe
[2010/07/21 16:46:02 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/13 15:50:23 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/09 18:42:39 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/06/28 17:28:03 | 000,002,017 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk
[2010/06/28 14:47:46 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/06/28 14:45:05 | 000,001,495 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/21 17:18:43 | 000,001,016 | ---- | C] () -- C:\Users\Chris\Desktop\TeamSpeak 3 Client.lnk
[2010/06/19 14:38:22 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010/06/13 15:49:27 | 000,001,008 | ---- | C] () -- C:\Users\Chris\Desktop\Asdastory.lnk
[2010/05/31 21:10:33 | 000,010,439 | ---- | C] () -- C:\Users\Chris\Documents\Old blog layout.rtf
[2010/05/27 18:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/05/27 18:09:00 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2010/05/26 20:18:43 | 000,026,624 | ---- | C] () -- C:\Users\Chris\Documents\S4ItemManagerR9h.dll
[2010/05/25 18:37:37 | 000,002,006 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/05/25 18:35:40 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2417309908-109424311-3726941342-1001UA.job
[2010/05/25 18:35:40 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2417309908-109424311-3726941342-1001Core.job
[2010/05/08 16:16:21 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/05/07 07:03:09 | 000,734,558 | ---- | C] () -- C:\Users\Chris\Documents\P18.exe
[2010/04/29 18:16:53 | 000,627,232 | ---- | C] () -- C:\Users\Chris\Documents\1238286226295.gif
[2010/01/27 12:00:09 | 000,000,538 | ---- | C] () -- C:\Windows\mp3wavcon.ini
[2010/01/27 11:59:34 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009/12/03 15:27:10 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 15:26:20 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/29 18:26:33 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/10/27 17:40:45 | 000,000,121 | ---- | C] () -- C:\Windows\wininit.ini
[2009/09/27 16:12:57 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2009/09/27 16:12:57 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2010/07/09 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\BitTorrent
[2009/12/25 15:31:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Downloaded Installations
[2010/01/17 12:12:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2009/12/02 17:04:39 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IObit
[2010/06/28 21:01:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LolClient
[2009/10/25 16:38:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TeamViewer
[2009/10/04 19:15:03 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Template
[2010/01/10 16:38:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TS3Client
[2010/01/27 12:17:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WinFF
[2010/07/27 19:39:13 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
 
Looks good :)

Few more scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.


3. Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

  • Spyware, Adware, Dialers, and other potentially dangerous programs
    [*] Archives
    [*] Mail databases
6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
Results of screen317's Security Check version 0.99.4
Windows Vista (UAC is enabled)
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 9.3.3
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
Trend Micro Internet Security SfCtlCom.exe
Trend Micro Internet Security TmPfw.exe
Trend Micro Internet Security TmProxy.exe
Trend Micro BM TMBMSRV.exe
Trend Micro Internet Security UfSeAgnt.exe
Trend Micro Internet Security TMAS_OE TMAS_OEMon.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

The Kaspersky thing is taking really long, and should I not be roaming the Internet while my anti-virus protection are down?
 
If you didn't disable TrendMicro firewall, you should be OK, as long, as you don't download anything....
 
Broni, I might have to leave my computer overnight. We'll see, if the scan isn't done in 2 hours I'll have to get back to you by tomorrow. I'm on GMT -7 Mountain Time and I have a final exam tomorrow to write.

Will you be here around 1PM GMT -7? But we'll see if a miracle happens and Kaspersky anti-virus scan finishes in less than 2 hours.
 
By now, you should be pretty much clean, so no worries.

Tomorrow, I should be home in the afternoon (PST), maybe 1-2PM
 
Wow, really? Well if Kaspersky scan shows up clean to you then I'll be the happiest person alive.

And I got this from a friend since this virus has been spreading around like wildfire, and I bet I infected other people, I was to slow to uninstall and close MSN, I'll be sure to send them a link to this site if they need help.

Thanks a lot Broni, your a life saver. :3
 
You're very welcome :)

Even if Kaspersky comes up clean, we'll need to perform one final step, so don't go anywhere :)
 
Broni, if I leave my computer overnight to finish scanning does making it go into Sleep mode okay? My computer isn't in the same room as in where I sleep and I won't ask mother to move the mouse once in a while at night because I know she's mad enough that I got a virus/malware.

Any tips?
 
Status
Not open for further replies.

Similar threads

D
Mini PCs sold on Amazon contained factory-installed spyware
Replies
16
Views
390
Fastturtle
F
L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni
NonTechyDad
Solved Malware removal for my son's pc
2
Replies
33
Views
5K
Broni
Broni

Latest posts

Back