Solved Search.fast-find.net (Google Hijacker/Redirector) and blue screen

OTL.txt

OTL logfile created on: 10/18/2010 6:24:40 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\ENDZYM3\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 4215 4215 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.95 Gb Total Space | 77.99 Gb Free Space | 56.95% Space Free | Partition Type: NTFS

Computer Name: ENDZYM3-PC | User Name: ENDZYM3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/18 18:20:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\ENDZYM3\Desktop\OTL.exe
PRC - [2010/10/16 18:19:54 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\ENDZYM3\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/12/30 13:21:02 | 000,065,536 | ---- | M] (Lexar Media, Inc.) -- C:\Windows\System32\LxrSII1s.exe
PRC - [2009/12/17 20:10:00 | 000,024,576 | -H-- | M] () -- C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (SafeList) ==========

MOD - [2010/10/18 18:20:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\ENDZYM3\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV - [2010/09/07 19:40:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/24 16:40:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/07 14:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/12/30 13:21:02 | 000,065,536 | ---- | M] (Lexar Media, Inc.) [Auto | Running] -- C:\Windows\System32\LxrSII1s.exe -- (LxrSII1s)
SRV - [2009/11/12 10:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\ENDZYM3\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/06 12:24:42 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/12/30 10:36:56 | 000,063,448 | ---- | M] (Lexar Media, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/28 02:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 16:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 15:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)


========== Standard Registry (SafeList) ==========
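The log above and its continuation below are raw OTL output, and triaging one by hand means scanning for the same few patterns every time: services and drivers whose image is gone from disk, kernel drivers under a Temp directory, entries with an empty company field, and the O6 policy values that weaken UAC. The script below is an added example, not part of the original post and not OTL's own code: it parses those OTL line formats and returns each hit as a finding. The rule ids, the `WEAK_UAC` table and the `SAMPLE` set (which copies lines from this thread's log) are this example's own.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example, not part of the original post and not OTL's own code: parses
the entry formats seen in the posted log (PRC/MOD/SRV/DRV, O4 Run keys, O6/O7
policy values) and flags what a malware-removal helper checks first.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Windows 7 defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5,
# PromptOnSecureDesktop=1. These values switch UAC off or silence its prompts.
WEAK_UAC = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0",
            "PromptOnSecureDesktop": "0"}

# Head of an entry (text before the first " -- "), either
# "KIND - [date | size | attrs | M] (Company) [Start | State]" or "KIND - File not found [Start | State]"
HEAD_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<stamp>[^\]]*)\])"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<start>[^\]]*)\])?$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
POLICY_RE = re.compile(r"^O[67] - (?P<key>HK\w+\\[^:]+): (?P<value>\w+) = (?P<data>\S+)$")
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass(frozen=True)
class Finding:
    rule: str     # rule id assigned in triage()
    subject: str  # file path, Run value name or policy value name
    detail: str   # one-line note for the analyst


def parse_entry(line):
    """Split a PRC/MOD/SRV/DRV line into (kind, company, missing, path, name).

    Returns None for other line types. company is None when OTL printed no
    parentheses and "" when it printed "()" (no company in the version info).
    """
    parts = line.split(" -- ")
    m = HEAD_RE.match(parts[0])
    if not m or len(parts) < 2:
        return None
    n = re.match(r"^\(([^)]*)\)", parts[2]) if len(parts) > 2 else None
    return (m["kind"], m["company"], m["missing"] is not None,
            parts[1].strip(), n.group(1) if n else None)


def triage(lines):
    """Apply every rule to an iterable of OTL log lines; return the Findings."""
    findings = []
    for raw in lines:
        line = raw.strip()
        entry = parse_entry(line)
        if entry:
            kind, company, missing, path, name = entry
            label = f"{kind} {name or path}"
            if missing:  # registration survives but the image does not: orphan or hidden file
                findings.append(Finding("missing_image", path, f"{label}: registered but not on disk"))
            if kind == "DRV" and any(t in path.lower() for t in TEMP_DIRS):
                findings.append(Finding("driver_in_temp", path, f"{label}: kernel driver from a temp directory"))
            if company == "" and kind != "MOD":
                findings.append(Finding("no_company", path, f"{label}: no company in version info; verify hash"))
            continue
        m = RUN_RE.match(line)
        if m and m["cmd"].endswith("File not found"):
            findings.append(Finding("missing_image", m["name"], f"{m['hive']} Run [{m['name']}]: target not on disk"))
        m = POLICY_RE.match(line)
        if m and WEAK_UAC.get(m["value"]) == m["data"]:
            findings.append(Finding("uac_weakened", m["value"], f"{m['value']} = {m['data']} (UAC off or silenced)"))
    return findings


def summarize(findings):
    """Number of findings per rule id."""
    return dict(Counter(f.rule for f in findings))


# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE = r"""
PRC - [2010/10/18 18:20:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\ENDZYM3\Desktop\OTL.exe
PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\ENDZYM3\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
O4 - HKLM..\Run: [WireLessMouse] C:\Program Files\Mouse Driver\StartAutorun.exe MouseDrv.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.rule}] {f.detail}")
```

For a saved log, pass the file object instead of `SAMPLE`, e.g. `triage(open("OTL.txt", encoding="utf-8", errors="replace"))`. The output is a triage list, not a verdict: an orphaned service or Run entry is also what an uninstaller leaves behind, and an empty company field is common for legitimate vendor files (the Logitech webcam executables and driver in this log all show `()`), so each hit is a file to hash and look up rather than something to delete on sight. The three O6 values this log reports are exactly the ones the `uac_weakened` rule matches.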
 
OTL.txt (cont..)

========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 99 83 82 A5 6D CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.0.0.1
FF - prefs.js..extensions.enabledItems: {3335F91D-2AEF-4097-B831-C96C60349822}:1.4.3
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.85
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.2.1
FF - prefs.js..keyword.URL: "http://www.google.com.my/search?q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/07/10 12:17:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/10 21:32:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/23 18:04:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/13 22:21:29 | 000,000,000 | ---D | M]

[2010/09/08 17:25:40 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\Mozilla\Extensions
[2010/09/08 17:24:42 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\Mozilla\Extensions\Coder Preset
[2010/09/08 17:25:40 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2010/10/18 12:58:23 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions
[2010/08/13 01:17:55 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/10/14 14:57:13 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/07/06 16:46:29 | 000,000,000 | ---D | M] (Leet Key) -- C:\Users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{3335F91D-2AEF-4097-B831-C96C60349822}
[2010/09/12 19:20:31 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/10/14 14:57:14 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/10/14 14:57:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/18 10:50:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/08 14:00:05 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/09/05 17:59:00 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/06/24 16:48:35 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\firebug@software.joehewitt.com
[2010/08/31 17:36:53 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\foxyproxy@eric.h.jung
[2010/09/12 01:30:30 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\personas@christopher.beard
[2010/10/18 12:58:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2010/07/12 09:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/08/21 23:59:58 | 000,003,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2010/10/17 16:57:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WireLessMouse] C:\Program Files\Mouse Driver\StartAutorun.exe MouseDrv.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [LxrAutorun] C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - C:\Windows\System32\FastUv32.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)


========== Files/Folders - Created Within 90 Days ==========

[2010/10/18 18:20:48 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\ENDZYM3\Desktop\OTL.exe
[2010/10/18 17:28:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/18 16:59:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/17 16:55:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/17 16:55:10 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Local\temp
[2010/10/17 15:31:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/17 15:31:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/17 15:31:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/17 15:31:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/17 15:29:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/17 13:24:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/17 08:11:32 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/10/17 08:11:32 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/10/17 08:11:29 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/10/17 08:11:25 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/10/17 08:11:18 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/10/17 08:10:41 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/10/17 08:10:41 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/10/17 08:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/17 07:34:31 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Roaming\Malwarebytes
[2010/10/17 07:34:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/17 07:34:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/17 07:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware (NEW)
[2010/10/17 07:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/16 19:52:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/10/16 19:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/10/13 22:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/10/11 21:12:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/10/11 19:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2010/10/10 00:21:17 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\Documents\Snagit Stamps
[2010/10/07 11:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/10/07 11:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2010/10/02 14:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2010/10/02 12:32:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
[2010/10/02 12:32:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2010/10/02 12:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2010/09/26 16:18:35 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\.dvdcss
[2010/09/26 16:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server
[2010/09/26 16:03:53 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Local\Microsoft Games
[2010/09/19 17:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/19 17:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/09/14 13:38:37 | 000,140,288 | ---- | C] (Lexar Media, Inc.) -- C:\Windows\System32\LxrSII1.dll
[2010/09/14 13:38:37 | 000,065,536 | ---- | C] (Lexar Media, Inc.) -- C:\Windows\System32\LxrSII1s.exe
[2010/09/14 13:38:37 | 000,063,448 | ---- | C] (Lexar Media, Inc.) -- C:\Windows\System32\drivers\LxrSII1d.sys
[2010/09/14 13:38:35 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Local\Lexar Media
[2010/09/08 17:24:36 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Local\Broad Intelligence
[2010/09/07 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/09/06 22:34:21 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Local\Babylon
[2010/09/06 22:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2010/09/06 22:32:09 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Roaming\Babylon
[2010/09/06 22:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2010/09/06 17:22:49 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Roaming\Broad Intelligence
[2010/09/06 17:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2010/09/04 12:06:00 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Roaming\Crayon Physics Deluxe
[2010/09/04 12:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\WorldOfGoo
[2010/09/04 12:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Crayon Physics Deluxe
[2010/09/04 02:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Aspell
[2010/09/02 16:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2010/09/02 16:55:31 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2010/09/02 16:55:30 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\Documents\Image-Line
[2010/09/02 16:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2010/09/02 16:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2010/09/02 15:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6
[2010/09/02 15:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar Pro 6
[2010/09/02 15:34:09 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Roaming\Guitar Pro 6
[2010/09/02 01:10:46 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Roaming\AVS4YOU
[2010/09/02 01:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/09/02 01:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/09/02 01:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/09/02 00:08:27 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\Documents\Snagit
[2010/08/31 16:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2010/08/31 11:59:37 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\Documents\Outlook Files
[2010/08/30 03:11:35 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\Documents\ClubBing
[2010/08/30 03:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2010/08/30 02:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2010/08/30 02:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk
[2010/08/30 02:26:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/08/30 02:26:46 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Local\TechSmith
[2010/08/30 02:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/08/30 02:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/08/30 02:11:07 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Local\Google
[2010/08/30 02:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/08/30 02:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/08/28 23:29:58 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\Documents\My Chat Logs
[2010/08/28 23:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2010/08/28 23:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
[2010/08/28 22:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/08/28 20:33:58 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Roaming\Logitech
[2010/08/28 20:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010/08/28 20:06:02 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\Documents\SightSpeed Recordings
[2010/08/28 20:06:00 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Local\LogiShrd
[2010/08/28 20:02:30 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Roaming\Leadertech
[2010/08/28 20:02:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\logishrd
[2010/08/28 20:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/08/28 20:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2010/08/28 20:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/08/28 19:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2010/08/27 00:17:21 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\Documents\Untitled
[2010/08/26 23:15:12 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2010/08/26 22:10:58 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\Documents\MPUISnap
[2010/08/21 23:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Celebrity Toolbar
[2010/08/03 15:10:59 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Roaming\dvdcss
[2010/07/31 12:08:00 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\Documents\Algodoo
[2010/07/31 11:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\Algodoo
[2010/07/31 10:54:00 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Local\Dan_Dixon
[2010/07/31 10:53:57 | 000,000,000 | ---D | C] -- C:\Users\ENDZYM3\AppData\Local\Dan Dixon
[2010/07/30 15:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\Medieval Software
[2010/07/26 19:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics

========== Files - Modified Within 90 Days ==========

[2010/10/18 18:25:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1737863448-878849073-962364827-1000UA.job
[2010/10/18 18:25:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1737863448-878849073-962364827-1000Core.job
[2010/10/18 18:20:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\ENDZYM3\Desktop\OTL.exe
[2010/10/18 18:16:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/18 16:49:12 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/18 16:49:12 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/17 20:02:14 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 20:02:14 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 19:54:46 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/17 16:57:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/17 13:23:56 | 409,546,788 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/17 08:11:17 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/10/17 08:09:09 | 000,000,580 | ---- | M] () -- C:\Users\ENDZYM3\Documents\cc_20101017_080905.reg
[2010/10/17 08:00:54 | 000,000,580 | ---- | M] () -- C:\Users\ENDZYM3\Documents\cc_20101017_080045.reg
[2010/10/16 19:59:34 | 000,007,158 | ---- | M] () -- C:\Users\ENDZYM3\Documents\cc_20101016_195929.reg
[2010/10/16 19:29:31 | 000,184,328 | ---- | M] () -- C:\Windows\System32\T7M6S0.TAL
[2010/10/16 19:29:31 | 000,177,800 | ---- | M] () -- C:\Windows\System32\T7M6S1.TAL
[2010/10/16 19:29:31 | 000,176,736 | ---- | M] () -- C:\Windows\System32\T7M6S3.TAL
[2010/10/16 19:29:31 | 000,166,456 | ---- | M] () -- C:\Windows\System32\T7M6S2.TAL
[2010/10/16 19:27:52 | 000,164,396 | ---- | M] () -- C:\Windows\System32\0R75L2.TAL
[2010/10/16 19:27:52 | 000,144,404 | ---- | M] () -- C:\Windows\System32\0R75L1.TAL
[2010/10/16 19:27:52 | 000,139,172 | ---- | M] () -- C:\Windows\System32\0R75L3.TAL
[2010/10/16 19:27:52 | 000,138,332 | ---- | M] () -- C:\Windows\System32\0R75L0.TAL
[2010/10/14 13:50:01 | 000,042,759 | ---- | M] () -- C:\Users\ENDZYM3\Desktop\The Netherlands.png
[2010/10/14 13:46:03 | 000,042,983 | ---- | M] () -- C:\Users\ENDZYM3\Desktop\Format for Mailing.png
[2010/10/13 18:43:01 | 003,782,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/13 18:39:06 | 000,004,656 | ---- | M] () -- C:\Users\ENDZYM3\Documents\cc_20101013_183858.reg
[2010/10/12 14:46:34 | 000,001,456 | ---- | M] () -- C:\Users\ENDZYM3\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/12 09:28:55 | 000,000,132 | ---- | M] () -- C:\Users\ENDZYM3\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/10/10 00:23:01 | 000,001,999 | ---- | M] () -- C:\Users\ENDZYM3\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9.lnk
[2010/10/07 11:10:38 | 000,003,222 | ---- | M] () -- C:\Users\ENDZYM3\Documents\cc_20101007_111021.reg
[2010/10/04 03:00:41 | 000,001,225 | ---- | M] () -- C:\Windows\System32\blush censored cum cum_in_mouth fellatio futa_on_female futanari group_sex horns oral orange_eyes pantyhose penis purple_eyes purple_hair school_uniform serafuku sex siblings tail threesome torn_clo.lnk
[2010/10/02 11:54:18 | 000,031,998 | ---- | M] () -- C:\Users\ENDZYM3\Documents\cc_20101002_115413.reg
[2010/09/28 23:59:29 | 000,004,048 | ---- | M] () -- C:\Windows\System32\FireShot capture #025 - 'Facebook I Seth Chase I WANT MY SYSTEM BACK!!!' - www_facebook_com_home_php_#!_profile_php_id=100000990030362&v=wall&story_fbid=153858604646647&ref=notif&notif_t=share_reply.lnk
[2010/09/26 16:07:16 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/09/23 02:32:29 | 000,000,132 | ---- | M] () -- C:\Users\ENDZYM3\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/09/19 16:03:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2010/09/19 16:03:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2010/09/13 10:18:15 | 000,073,932 | ---- | M] () -- C:\Users\ENDZYM3\Documents\cc_20100913_101809.reg
[2010/09/11 14:09:45 | 000,000,132 | ---- | M] () -- C:\Users\ENDZYM3\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 08:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/08/30 02:38:58 | 000,199,992 | ---- | M] () -- C:\Windows\_detmp.1
[2010/08/26 22:11:32 | 000,000,098 | ---- | M] () -- C:\Users\ENDZYM3\AppData\Roaming\MPUI.ini
[2010/08/07 22:52:51 | 000,004,056 | ---- | M] () -- C:\Users\ENDZYM3\Documents\cc_20100807_225219.reg
[2010/07/27 08:03:20 | 010,829,656 | ---- | M] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | M] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | M] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 07:56:40 | 000,266,828 | ---- | M] () -- C:\Windows\System32\drivers\LVAFT.cfg
[2010/07/27 07:56:04 | 000,090,411 | ---- | M] () -- C:\Windows\System32\lvcoinst.ini
[2010/07/27 07:55:50 | 000,037,518 | ---- | M] () -- C:\Windows\System32\Repository.reg
[2010/07/25 18:07:43 | 000,015,876 | ---- | M] () -- C:\Users\ENDZYM3\Documents\cc_20100725_180738.reg
[2010/07/25 16:50:15 | 000,033,600 | ---- | M] () -- C:\Users\ENDZYM3\Documents\cc_20100725_165003.reg

========== Files Created - No Company Name ==========

[2010/10/17 15:31:37 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/17 15:31:37 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/17 15:31:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/17 15:31:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/17 15:31:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/17 13:23:56 | 409,546,788 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/17 08:09:07 | 000,000,580 | ---- | C] () -- C:\Users\ENDZYM3\Documents\cc_20101017_080905.reg
[2010/10/17 08:00:48 | 000,000,580 | ---- | C] () -- C:\Users\ENDZYM3\Documents\cc_20101017_080045.reg
[2010/10/16 19:59:32 | 000,007,158 | ---- | C] () -- C:\Users\ENDZYM3\Documents\cc_20101016_195929.reg
[2010/10/16 19:29:31 | 000,184,328 | ---- | C] () -- C:\Windows\System32\T7M6S0.TAL
[2010/10/16 19:29:31 | 000,177,800 | ---- | C] () -- C:\Windows\System32\T7M6S1.TAL
[2010/10/16 19:29:31 | 000,176,736 | ---- | C] () -- C:\Windows\System32\T7M6S3.TAL
[2010/10/16 19:29:31 | 000,166,456 | ---- | C] () -- C:\Windows\System32\T7M6S2.TAL
[2010/10/16 19:27:52 | 000,164,396 | ---- | C] () -- C:\Windows\System32\0R75L2.TAL
[2010/10/16 19:27:52 | 000,144,404 | ---- | C] () -- C:\Windows\System32\0R75L1.TAL
[2010/10/16 19:27:52 | 000,139,172 | ---- | C] () -- C:\Windows\System32\0R75L3.TAL
[2010/10/16 19:27:52 | 000,138,332 | ---- | C] () -- C:\Windows\System32\0R75L0.TAL
[2010/10/14 13:50:01 | 000,042,759 | ---- | C] () -- C:\Users\ENDZYM3\Desktop\The Netherlands.png
[2010/10/14 13:46:03 | 000,042,983 | ---- | C] () -- C:\Users\ENDZYM3\Desktop\Format for Mailing.png
[2010/10/13 18:39:04 | 000,004,656 | ---- | C] () -- C:\Users\ENDZYM3\Documents\cc_20101013_183858.reg
[2010/10/12 14:46:34 | 000,001,456 | ---- | C] () -- C:\Users\ENDZYM3\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/07 11:10:25 | 000,003,222 | ---- | C] () -- C:\Users\ENDZYM3\Documents\cc_20101007_111021.reg
[2010/10/04 03:00:41 | 000,001,225 | ---- | C] () -- C:\Windows\System32\blush censored cum cum_in_mouth fellatio futa_on_female futanari group_sex horns oral orange_eyes pantyhose penis purple_eyes purple_hair school_uniform serafuku sex siblings tail threesome torn_clo.lnk
[2010/10/02 11:54:15 | 000,031,998 | ---- | C] () -- C:\Users\ENDZYM3\Documents\cc_20101002_115413.reg
[2010/09/28 23:59:29 | 000,004,048 | ---- | C] () -- C:\Windows\System32\FireShot capture #025 - 'Facebook I Seth Chase I WANT MY SYSTEM BACK!!!' - www_facebook_com_home_php_#!_profile_php_id=100000990030362&v=wall&story_fbid=153858604646647&ref=notif&notif_t=share_reply.lnk
[2010/09/26 16:06:56 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/19 16:03:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2010/09/19 16:03:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2010/09/14 13:38:37 | 000,023,934 | -H-- | C] () -- C:\Windows\LxrEncVlt.ico
[2010/09/14 13:38:37 | 000,003,262 | -H-- | C] () -- C:\Windows\LxrSgeEnc.ico
[2010/09/13 10:18:12 | 000,073,932 | ---- | C] () -- C:\Users\ENDZYM3\Documents\cc_20100913_101809.reg
[2010/09/11 14:09:45 | 000,000,132 | ---- | C] () -- C:\Users\ENDZYM3\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/09/09 18:57:12 | 000,000,132 | ---- | C] () -- C:\Users\ENDZYM3\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/09/08 18:43:52 | 000,199,992 | ---- | C] () -- C:\Windows\_detmp.1
[2010/08/30 02:38:07 | 000,005,727 | ---- | C] () -- C:\Windows\System32\VcakeD.vxd
[2010/08/30 02:27:01 | 000,001,999 | ---- | C] () -- C:\Users\ENDZYM3\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9.lnk
[2010/08/30 02:12:44 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1737863448-878849073-962364827-1000UA.job
[2010/08/30 02:12:42 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1737863448-878849073-962364827-1000Core.job
[2010/08/26 22:11:32 | 000,000,098 | ---- | C] () -- C:\Users\ENDZYM3\AppData\Roaming\MPUI.ini
[2010/08/07 22:52:28 | 000,004,056 | ---- | C] () -- C:\Users\ENDZYM3\Documents\cc_20100807_225219.reg
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 07:56:40 | 000,266,828 | ---- | C] () -- C:\Windows\System32\drivers\LVAFT.cfg
[2010/07/27 07:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/07/27 07:55:50 | 000,037,518 | ---- | C] () -- C:\Windows\System32\Repository.reg
[2010/07/25 18:07:41 | 000,015,876 | ---- | C] () -- C:\Users\ENDZYM3\Documents\cc_20100725_180738.reg
[2010/07/25 16:50:06 | 000,033,600 | ---- | C] () -- C:\Users\ENDZYM3\Documents\cc_20100725_165003.reg
[2010/07/13 18:00:20 | 000,000,132 | ---- | C] () -- C:\Users\ENDZYM3\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/06/26 04:15:22 | 000,000,096 | ---- | C] () -- C:\Users\ENDZYM3\AppData\Roaming\7e0d9dca.dat
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1998/03/22 13:50:02 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2010/06/29 10:08:10 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\abgx360
[2010/10/13 22:25:00 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\Babylon
[2010/09/08 17:24:36 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\Broad Intelligence
[2010/09/04 13:17:37 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\Crayon Physics Deluxe
[2010/07/10 11:50:50 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\DAEMON Tools Lite
[2010/07/09 12:14:02 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\FireShot
[2010/09/02 15:49:27 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\Guitar Pro 6
[2010/06/29 11:36:28 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\ImgBurn
[2010/08/28 20:02:30 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\Leadertech
[2010/07/26 19:28:50 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\Rainmeter
[2010/08/26 23:15:12 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2010/05/15 16:34:06 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\System
[2010/10/16 17:50:34 | 000,000,000 | ---D | M] -- C:\Users\ENDZYM3\AppData\Roaming\uTorrent
[2010/10/17 15:11:58 | 000,020,928 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 14:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/06/24 16:09:35 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/10/18 17:29:51 | 000,015,836 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 14:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/24 15:22:11 | 000,203,836 | RHS- | M] () -- C:\grldr
[2010/10/17 19:54:46 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/11 11:57:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/11 11:57:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/17 19:54:48 | 124,780,543 | -HS- | M] () -- C:\pagefile.sys
[2010/07/10 22:06:02 | 000,007,944 | ---- | M] () -- C:\sqmnoopt00.sqm
[2010/06/24 15:22:12 | 000,000,000 | RHS- | M] () -- C:\winx.ld

< %systemroot%\Fonts\*.com >
[2009/07/13 21:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 21:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 21:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 21:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 14:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 18:15:05 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP3.DLL
[2009/07/13 18:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/13 18:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 21:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/06/24 15:20:04 | 000,000,221 | -HS- | M] () -- C:\Users\ENDZYM3\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/10/18 18:20:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\ENDZYM3\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/10/02 13:02:29 | 000,000,508 | -HS- | M] () -- C:\Users\ENDZYM3\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/09/26 16:07:16 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[1998/09/02 01:46:12 | 000,075,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
Extras.txt

OTL Extras logfile created on: 10/18/2010 6:24:40 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\ENDZYM3\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 4215 4215 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.95 Gb Total Space | 77.99 Gb Free Space | 56.95% Space Free | Partition Type: NTFS

Computer Name: ENDZYM3-PC | User Name: ENDZYM3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{CF119AF4-6943-407F-B416-B4D77E6A7BDD}" = Windows Live Sync ActiveX Control for Remote Connections
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3700370-62E5-446C-A6A5-FF5F7C7D42CD}" = Mouse Driver
"{FBB02B04-C034-4382-A3F6-57416E2752C4}" = Adobe Creative Suite 5 Master Collection
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"abgx360" = abgx360 v1.0.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Algodoo_is1" = Algodoo v1.7.1
"ArenaSetup_is1" = Arena
"ASIO4ALL" = ASIO4ALL
"avast5" = avast! Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Babylon" = Babylon
"Cakewalk Rapture_is1" = Rapture 1.0
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"DaggerfallSetup_is1" = Daggerfall
"FL Studio 9" = FL Studio 9
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Hardcore" = Hardcore
"IconPackager" = IconPackager
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"InstallShield_{F3700370-62E5-446C-A6A5-FF5F7C7D42CD}" = Mouse Driver
"Intelli-studio" = SAMSUNG Intelli-studio
"JDownloader" = JDownloader
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.7.5.4740
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PoiZone" = PoiZone
"Rainmeter" = Rainmeter (remove only)
"reFX Nexus 1.0.9_is1" = reFX Nexus 1.0.9
"Sawer" = Sawer
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.2
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
OTL scan

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ENDZYM3
->Temp folder emptied: 9137 bytes
->Temporary Internet Files folder emptied: 435902 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 103535423 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 1258 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1686 bytes
RecycleBin emptied: 4811411 bytes

Total Files Cleaned = 105.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: ENDZYM3
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10182010_210732

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Security Check

Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Reader 9.4.0
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
ESET scan

C:\Qoobox\Quarantine\C\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\evuvk.exe.vir a variant of Win32/Kryptik.HLP trojan
C:\Qoobox\Quarantine\C\Users\ENDZYM3\AppData\Roaming\Ymfel\syas.exe.vir a variant of Win32/Kryptik.HLP trojan
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\Syixob\iqaz.exe.vir a variant of Win32/Kryptik.HLP trojan

I'm guessing these aren't false positives! D:
 
No, but they're already in the Combofix quarantine folder (safe).
That folder will be removed in our next, last step....


Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, with steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
OTL Scan

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ENDZYM3
->Temp folder emptied: 724949 bytes
->Temporary Internet Files folder emptied: 2331341 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28830258 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 681 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2294 bytes
RecycleBin emptied: 2306627900 bytes

Total Files Cleaned = 2,230.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: ENDZYM3
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.15.2 log created on 10192010_190427

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Ahh! All is well!
Sorry it took so long for the reply (no internet again), but everything looks good.
I followed your advice and downloaded those programs even. :D

Once again, thank you, thank you, thank you. :)


Thank you. :)
 
Cool

Good luck and stay safe :)
 