TechSpot

Security Suite 2012, ping.exe, and "Acquiring network adress"

Solved
By GroovyGrover
Nov 8, 2011
  1. Was running Avast, Tea Timer, and Ad-Aware real-time protection. ZoneAlarm as well.


    Was playing the MMO Fallen Earth and had Firefox open to the FE wiki. Suddenly started getting pop-up windows of "Security Suite 2012" fake spyware warnings. Avast continued to block but allow them to open in a 'virtual environment.' Had to alt-tab-del to finally close it. Zonealarm getting many warnings and asking permission for me to allow various things. (which I didn't)

    Updated all my stuff and ran scans. Malewarebytes found 4 files corresponding to what Avira was blocking. Deleted them and restarted.

    Upon restart, Avast was constantly blocking stuff coming from System32 \ ping.exe
    Also, my connection is now saying "Acquiring network address."

    Tried to run your 5 steps. The DDS would not run, thinking it was an autocad file. Uninstalled autocad, still wouldn't run. Couldn't re-assign what program to run it.

    Now, I am constantly being hit with "Threat Has Been Detected" with avast, from the system 32 \ ping.exe.


    Maleware log



    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8120

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/8/2011 5:28:19 PM
    mbam-log-2011-11-08 (17-28-19).txt

    Scan type: Quick scan
    Objects scanned: 195844
    Time elapsed: 4 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. GroovyGrover

    GroovyGrover TS Rookie Topic Starter Posts: 16

    Gmer log



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-08 18:03:25
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200AAJS-00L7A0 rev.01.03E01
    Running: 1n3eyusu.exe; Driver: C:\DOCUME~1\ROYGR~1\LOCALS~1\Temp\pgtdapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB0943D5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB0943BC5]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB09C39A6]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort3 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\Ntfs \Ntfs 8A7081F8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
     
  3. GroovyGrover

    GroovyGrover TS Rookie Topic Starter Posts: 16

    I'm posting this from my brother's computer. I can no longer type anything, not a single letter, into any field, including the address bar, search fields, etc., in either IE or Firefox.


    Avast also gave 2 different warnings that it blocked a RootKit.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    Assuming you have USB flash drive to get some tools on your brother computer and move them to bad computer....

    FIRST, to protect your brother computer install this on it....
    Download, and run Flash Disinfector, and save it to your desktop (Windows Vista and Windows 7 users, scroll down)

    *Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
    • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

    Windows Vista and Windows 7 users
    Flash Disinfector is not compatible with the above Windows version.
    Please, use Panda USB Vaccine, or BitDefender’s USB Immunizer

    =======================================================================

    Then download the following on your brother computer and move it to bad computer...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. GroovyGrover

    GroovyGrover TS Rookie Topic Starter Posts: 16

    Thanks.

    Is it okay to copy these onto a CD and transport them to my system that way? (and if so, then do I need to mess with "Flash Disinfector?)

    Also, what are "ScriptBlockers?"

    Finally, is "Rkill" only to be used if I have a problem with running ComboFix?


    Thanks!
     
  6. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Yes.

    CD will be fine.
    If CDR will be used the you don't need "Flash Disinfector".
    If CDRW will be used (in case we need to transfer more tools) then yes you need to install "Flash Disinfector".

    Regarding script blockers....do you use Spybot, or Windows Defender (on bad computer)?
     
  7. GroovyGrover

    GroovyGrover TS Rookie Topic Starter Posts: 16

    Used services.msc and/or MsConfig to disable or shut down Zalarm, Tea Timer, Ad-Aware, and Avast. Ran ComboFix. It said Avast was still running, so I uninstalled it. ComboFix installed Recovery Console. ComboFix then ran, said it found rootkit activity, and restarted my system 2-3 times during the process.

    The last time, Zalarm and TeaTimer loaded into the tray. (not sure if that's relevant) Anyhow, ComboFix apparently stalled at this point (around 45 min after initial start of scan). Had to sleep, so did a hard shut-down. (thus no log file from that scan)

    Got up this morning, ran ComboFix again, it ran all the processes and scans w/o restarting. Got the log file. (renamed my formal name to "NAME" in the file; please let me know if there's other private info I missed and should edit out)

    PS. keyboard was still unresponsive, so I unistalled the driver, restarted system, now can type again. Posting this from my system.

    Thanks for your efforts thus far!

    COMBO FIX LOG FILE PASTED:


    ComboFix 11-11-08.02 - NAME 11/09/2011 4:36.2.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2901 [GMT -5:00]
    Running from: c:\documents and settings\NAME\Desktop\ComboFix.exe
    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Install.exe
    c:\windows\$NtUninstallKB6656$\2015203412
    c:\windows\$NtUninstallKB6656$\522781993\@
    c:\windows\$NtUninstallKB6656$\522781993\bckfg.tmp
    c:\windows\$NtUninstallKB6656$\522781993\cfg.ini
    c:\windows\$NtUninstallKB6656$\522781993\Desktop.ini
    c:\windows\$NtUninstallKB6656$\522781993\keywords
    c:\windows\$NtUninstallKB6656$\522781993\kwrd.dll
    c:\windows\$NtUninstallKB6656$\522781993\L\vnetlxsi
    c:\windows\$NtUninstallKB6656$\522781993\lsflt7.ver
    c:\windows\$NtUninstallKB6656$\522781993\U\00000001.@
    c:\windows\$NtUninstallKB6656$\522781993\U\00000002.@
    c:\windows\$NtUninstallKB6656$\522781993\U\00000004.@
    c:\windows\$NtUninstallKB6656$\522781993\U\80000000.@
    c:\windows\$NtUninstallKB6656$\522781993\U\80000004.@
    c:\windows\$NtUninstallKB6656$\522781993\U\80000032.@
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-09 00:11 . 2011-11-09 00:18 -------- d-----w- c:\documents and settings\NAME\Local Settings\Application Data\ZoneAlarm_Security
    2011-11-09 00:11 . 2011-11-09 00:11 -------- d-----w- c:\program files\ZoneAlarm_Security
    2011-11-09 00:11 . 2010-11-16 22:45 69120 ----a-w- c:\windows\system32\zlcomm.dll
    2011-11-09 00:11 . 2010-11-16 22:45 104448 ----a-w- c:\windows\system32\zlcommdb.dll
    2011-11-09 00:10 . 2011-11-09 00:12 -------- d-----w- c:\windows\system32\ZoneLabs
    2011-11-09 00:10 . 2010-11-16 22:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
    2011-11-09 00:10 . 2011-11-09 00:10 -------- d-----w- c:\program files\Zone Labs
    2011-11-08 22:56 . 2011-11-09 09:34 -------- d-----w- c:\windows\Internet Logs
    2011-11-08 19:52 . 2011-11-08 19:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\adawaretb
    2011-11-08 18:56 . 2011-11-08 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
    2011-11-08 18:56 . 2011-11-08 18:56 -------- d-----w- c:\program files\Toolbar Cleaner
    2011-11-08 18:55 . 2011-11-09 00:17 -------- d-----w- c:\documents and settings\NAME\Application Data\adawaretb
    2011-11-08 18:55 . 2011-11-08 18:56 -------- d-----w- c:\program files\adawaretb
    2011-11-08 18:43 . 2011-11-08 18:43 -------- d-----w- c:\documents and settings\NAME\Application Data\UjjjYCwwkIrOtA
    2011-11-08 18:43 . 2011-11-08 18:43 -------- d-----w- c:\documents and settings\NAME\Application Data\CjjYYCekIVrzNyA
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-21 20:38 . 2011-05-16 14:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 21:00 . 2009-12-22 21:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-28 21:13 . 2010-12-20 16:48 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2011-08-28 21:13 . 2010-12-20 16:48 17212 ----atw- c:\windows\system32\SIntf32.dll
    2011-08-28 21:13 . 2010-12-20 16:48 12067 ----atw- c:\windows\system32\SIntf16.dll
    2011-08-22 23:48 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 13:49 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-11-18 17:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    2011-05-09 09:49 176936 ----a-w- c:\program files\ZoneAlarm_Security\prxtbZone.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
    "{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-16 13881960]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
    backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
    2009-06-05 06:39 33628160 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
    2010-11-05 11:41 738808 ----a-w- c:\program files\CheckPoint\ZAForceField\ForceField.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2011-01-16 20:33 13881960 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2011-01-16 20:33 111208 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2009-06-23 16:01 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold\\Stronghold.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold_Crusader_Extreme.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
    "c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
    "c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
    "c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
    "c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
    "c:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=
    "c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
    "c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
    "c:\\Program Files\\Electronic Arts\\Mass Effect™ 2\\MassEffect2Launcher.exe"=
    "c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
    "c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\adawaretb\\dtUser.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57294:TCP"= 57294:TCP:pando Media Booster
    "57294:UDP"= 57294:UDP:pando Media Booster
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/5/2010 1:31 PM 691696]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/5/2010 6:41 AM 26872]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/22/2009 1:06 PM 1374464]
    S0 cerc6;cerc6; [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys --> c:\windows\system32\drivers\nvhda32.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
    S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 3:07 PM 25832]
    S4 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/5/2010 6:41 AM 488952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    RPCQT
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.hotmail.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 10.0.0.1
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - ProfilePath - c:\documents and settings\NAME\Application Data\Mozilla\Firefox\Profiles\q6tgcfqa.default\
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Password Exporter: {B17C1C5A-04B1-11DB-9804-B622A1EF5492} - %profile%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
    FF - Ext: Ad-Aware Security Toolbar: {87934c42-161d-45bc-8cef-ef18abe2a30c} - %profile%\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    FF - Ext: ZoneAlarm Security Community Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-NWEReboot - (no file)
    MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
    MSConfigStartUp-nwiz - nwiz.exe
    AddRemove-{B931FB80-537A-4600-00AD-AC5DEDB6C25B} - c:\program files\Electronic Arts\The Lord of the Rings
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-09 04:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(756)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(560)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-11-09 04:46:43
    ComboFix-quarantined-files.txt 2011-11-09 09:46
    .
    Pre-Run: 34,851,729,408 bytes free
    Post-Run: 34,805,919,744 bytes free
    .
    - - End Of File - - 0B45ADC27382D1FA02444488C5BB7835
     
  8. GroovyGrover

    GroovyGrover TS Rookie Topic Starter Posts: 16

    I guess I should add that everything at least appears to be functioning normally now. (keyboard, network connection, Avast not constantly having pop-up windows, etc)
     
  9. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Good job :)

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\NAME\Application Data\UjjjYCwwkIrOtA
    c:\documents and settings\NAME\Application Data\CjjYYCekIVrzNyA
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  10. GroovyGrover

    GroovyGrover TS Rookie Topic Starter Posts: 16

    Here are those results:



    ComboFix 11-11-08.02 - NAME 11/09/2011 11:58:11.3.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2920 [GMT -5:00]
    Running from: c:\documents and settings\NAME\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\NAME\Desktop\CFScript.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-08 19:52 . 2011-11-08 19:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\adawaretb
    2011-11-08 18:56 . 2011-11-08 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
    2011-11-08 18:56 . 2011-11-08 18:56 -------- d-----w- c:\program files\Toolbar Cleaner
    2011-11-08 18:55 . 2011-11-09 11:56 -------- d-----w- c:\documents and settings\NAME\Application Data\adawaretb
    2011-11-08 18:55 . 2011-11-08 18:56 -------- d-----w- c:\program files\adawaretb
    2011-11-08 18:43 . 2011-11-08 18:43 -------- d-----w- c:\documents and settings\NAME\Application Data\UjjjYCwwkIrOtA
    2011-11-08 18:43 . 2011-11-08 18:43 -------- d-----w- c:\documents and settings\NAME\Application Data\CjjYYCekIVrzNyA
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-21 20:38 . 2011-05-16 14:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2009-12-22 17:56 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 21:00 . 2009-12-22 21:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-28 21:13 . 2010-12-20 16:48 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2011-08-28 21:13 . 2010-12-20 16:48 17212 ----atw- c:\windows\system32\SIntf32.dll
    2011-08-28 21:13 . 2010-12-20 16:48 12067 ----atw- c:\windows\system32\SIntf16.dll
    2011-08-22 23:48 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 13:49 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-11-09_09.45.14 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    - 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    - 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    - 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    - 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    - 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    - 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    - 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    - 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    - 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    - 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    - 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    + 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    - 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    + 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    - 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    + 2011-11-09 16:56 . 2011-11-09 16:56 16384 c:\windows\Temp\Perflib_Perfdata_278.dat
    - 2008-04-14 12:00 . 2011-11-09 09:34 88450 c:\windows\system32\perfc009.dat
    + 2008-04-14 12:00 . 2011-11-09 17:00 88450 c:\windows\system32\perfc009.dat
    + 2011-11-09 12:15 . 2011-11-09 12:15 19968 c:\windows\Installer\4795de.msi
    + 2009-12-22 23:48 . 2011-11-09 12:16 27136 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2009-12-22 23:48 . 2011-10-20 20:06 27136 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2009-12-22 23:48 . 2011-10-20 20:06 12288 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2009-12-22 23:48 . 2011-11-09 12:16 12288 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2011-10-20 20:08 . 2011-10-20 20:08 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2011-11-09 12:16 . 2011-11-09 12:16 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2009-12-22 23:30 . 2011-11-09 12:19 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2009-12-22 23:30 . 2011-10-20 20:20 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2009-12-22 23:30 . 2011-11-09 12:19 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2009-12-22 23:30 . 2011-10-20 20:20 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2009-12-22 23:30 . 2011-11-09 12:19 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2009-12-22 23:30 . 2011-10-20 20:20 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2009-12-22 23:30 . 2011-11-09 12:19 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2009-12-22 23:30 . 2011-10-20 20:20 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2009-12-22 23:30 . 2011-10-20 20:20 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2009-12-22 23:30 . 2011-11-09 12:19 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2009-12-22 23:30 . 2011-10-20 20:20 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2009-12-22 23:30 . 2011-11-09 12:19 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2007-03-22 23:07 . 2007-03-22 23:07 78168 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RM.DLL
    + 2007-03-22 23:07 . 2007-03-22 23:07 41824 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
    + 2007-03-22 23:05 . 2007-03-22 23:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
    + 2007-04-19 17:53 . 2007-04-19 17:53 69984 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
    + 2007-03-22 23:13 . 2007-03-22 23:13 23904 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IPDMCTRL.DLL
    + 2007-03-22 23:07 . 2007-03-22 23:07 80224 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
    + 2007-03-22 23:07 . 2007-03-22 23:07 91488 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
    + 2009-12-22 23:48 . 2011-11-09 12:16 4096 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2009-12-22 23:48 . 2011-10-20 20:06 4096 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2009-12-22 23:30 . 2011-11-09 12:19 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2009-12-22 23:30 . 2011-10-20 20:20 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2008-04-14 12:00 . 2011-11-09 09:34 502670 c:\windows\system32\perfh009.dat
    + 2008-04-14 12:00 . 2011-11-09 17:00 502670 c:\windows\system32\perfh009.dat
    - 2009-12-22 17:56 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
    + 2009-12-22 17:56 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
    + 2010-11-12 16:08 . 2010-11-12 16:08 889344 c:\windows\Installer\479548.msp
    + 2009-09-09 20:40 . 2009-09-09 20:40 632320 c:\windows\Installer\479430.msp
    + 2008-07-28 19:59 . 2008-07-28 19:59 180736 c:\windows\Installer\479392.msp
    + 2009-12-22 23:48 . 2011-11-09 12:16 135168 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2009-12-22 23:48 . 2011-10-20 20:06 135168 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2009-12-22 23:48 . 2011-10-20 20:06 282624 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\fpicon.exe
    + 2009-12-22 23:48 . 2011-11-09 12:16 282624 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\fpicon.exe
    - 2009-12-22 23:30 . 2011-10-20 20:20 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2009-12-22 23:30 . 2011-11-09 12:19 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2009-12-22 23:30 . 2011-10-20 20:20 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2009-12-22 23:30 . 2011-11-09 12:19 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2009-12-22 23:30 . 2011-10-20 20:20 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2009-12-22 23:30 . 2011-11-09 12:19 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2009-12-22 23:30 . 2011-11-09 12:19 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2009-12-22 23:30 . 2011-10-20 20:20 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2009-12-22 23:30 . 2011-10-20 20:20 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2009-12-22 23:30 . 2011-11-09 12:19 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2009-12-22 23:30 . 2011-11-09 12:19 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2009-12-22 23:30 . 2011-10-20 20:20 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2011-10-20 20:05 . 2011-10-20 20:05 464272 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.8173\OWC11PIA.DLL
    + 2007-05-10 18:35 . 2007-05-10 18:35 120160 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.8173\MSCONV97.DLL
    + 2002-12-31 12:00 . 2002-12-31 12:00 141360 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\ATP.DLL
    + 2007-03-22 23:22 . 2007-03-22 23:22 103264 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
    + 2007-05-10 17:34 . 2007-05-10 17:34 562528 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL
    + 2007-05-31 17:36 . 2007-05-31 17:36 612184 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL
    + 2007-05-31 17:35 . 2007-05-31 17:35 133976 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL
    + 2007-04-19 17:53 . 2007-04-19 17:53 149856 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
    + 2007-05-31 17:42 . 2007-05-31 17:42 200032 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
    + 2007-04-19 17:53 . 2007-04-19 17:53 106336 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
    + 2007-04-19 17:53 . 2007-04-19 17:53 109408 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL
    + 2007-01-17 00:32 . 2007-01-17 00:32 136032 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSAEXP30.DLL
    + 2007-04-19 17:54 . 2007-04-19 17:54 183136 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
    + 2011-10-20 20:07 . 2011-10-20 20:07 103776 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IPATHPIA.DLL
    + 2007-04-19 17:53 . 2007-04-19 17:53 127328 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
    + 2007-04-19 18:09 . 2007-04-19 18:09 167256 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
    + 2007-04-19 17:53 . 2007-04-19 17:53 137568 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
    + 2007-04-19 17:54 . 2007-04-19 17:54 169312 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ACCWIZ.DLL
    + 2011-10-20 20:07 . 2011-10-20 20:07 103776 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\IPATHPIA.DLL
    + 2002-12-31 12:00 . 2002-12-31 12:00 141360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ATP.DLL
    + 2011-11-09 12:10 . 2011-11-09 12:10 477056 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
    + 2011-11-09 12:12 . 2011-11-09 12:12 111624 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
    - 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
    - 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
    + 2009-08-05 00:52 . 2009-08-05 00:52 1193832 c:\windows\system32\FM20.DLL
    + 2011-11-03 18:31 . 2011-11-03 18:31 5525504 c:\windows\Installer\479666.msp
    + 2011-09-07 02:48 . 2011-09-07 02:48 8181248 c:\windows\Installer\479650.msp
    + 2011-08-10 22:43 . 2011-08-10 22:43 3795968 c:\windows\Installer\479647.msp
    + 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\47963e.msp
    + 2011-07-26 13:17 . 2011-07-26 13:17 6824960 c:\windows\Installer\479614.msp
    + 2011-05-23 19:15 . 2011-05-23 19:15 3617792 c:\windows\Installer\4795ea.msp
    + 2011-04-29 17:28 . 2011-04-29 17:28 1995264 c:\windows\Installer\4795d7.msp
    + 2011-05-17 23:28 . 2011-05-17 23:28 6862848 c:\windows\Installer\4795ba.msp
    + 2011-04-29 18:04 . 2011-04-29 18:04 5053440 c:\windows\Installer\4795ad.msp
    + 2011-04-29 17:30 . 2011-04-29 17:30 1197056 c:\windows\Installer\479595.msp
    + 2010-10-22 20:45 . 2010-10-22 20:45 8444928 c:\windows\Installer\47958c.msp
    + 2010-10-02 02:53 . 2010-10-02 02:53 4147712 c:\windows\Installer\479575.msp
    + 2010-08-23 22:09 . 2010-08-23 22:09 7673344 c:\windows\Installer\479535.msp
    + 2010-08-13 23:02 . 2010-08-13 23:02 2545664 c:\windows\Installer\47951f.msp
    + 2010-08-05 15:57 . 2010-08-05 15:57 4066304 c:\windows\Installer\479516.msp
    + 2010-08-25 22:06 . 2010-08-25 22:06 6479360 c:\windows\Installer\4794dc.msp
    + 2010-06-11 22:55 . 2010-06-11 22:55 1827328 c:\windows\Installer\4794ce.msp
    + 2010-05-25 16:45 . 2010-05-25 16:45 8445440 c:\windows\Installer\4794b4.msp
    + 2010-03-30 17:34 . 2010-03-30 17:34 3826688 c:\windows\Installer\479494.msp
    + 2009-10-16 23:07 . 2009-10-16 23:07 6115328 c:\windows\Installer\47946a.msp
    + 2009-12-17 03:58 . 2009-12-17 03:58 5382144 c:\windows\Installer\47945d.msp
    + 2009-07-27 09:31 . 2009-07-27 09:31 3738624 c:\windows\Installer\479423.msp
    + 2009-09-29 14:08 . 2009-09-29 14:08 6747648 c:\windows\Installer\479406.msp
    + 2009-08-20 10:02 . 2009-08-20 10:02 5204992 c:\windows\Installer\4793e5.msp
    + 2009-07-01 18:21 . 2009-07-01 18:21 8891904 c:\windows\Installer\4793c2.msp
    + 2008-10-25 14:15 . 2008-10-25 14:15 6227456 c:\windows\Installer\47939e.msp
    + 2008-01-14 21:53 . 2008-01-14 21:53 5213696 c:\windows\Installer\479368.msp
    + 2007-05-09 21:19 . 2007-05-09 21:19 2585936 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
    + 2007-05-10 17:45 . 2007-05-10 17:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
    + 2007-03-14 17:10 . 2007-03-14 17:10 7255384 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.8173\OWC10.DLL
    + 2007-04-19 18:09 . 2007-04-19 18:09 1061720 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
    + 2007-06-06 14:53 . 2007-06-06 14:53 1195888 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.8173\FM20.DLL
    + 2007-04-19 17:49 . 2007-04-19 17:49 1661280 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE
    + 2007-05-31 17:35 . 2007-05-31 17:35 6420320 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
    + 2007-05-31 17:43 . 2007-05-31 17:43 7613280 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
    + 2007-05-10 17:35 . 2007-05-10 17:35 6747480 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE
    + 2007-05-10 17:43 . 2007-05-10 17:43 6688096 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSACCESS.EXE
    + 2007-04-30 18:57 . 2007-04-30 18:57 7084384 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\INFOPATH.EXE
    + 2009-04-03 21:57 . 2009-04-03 21:57 4671320 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\WRD12CNV.DLL
    + 2009-04-02 18:35 . 2009-04-02 18:35 1787216 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PPCNV.DLL
    + 2009-02-05 15:36 . 2009-02-05 15:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\OGL.DLL
    + 2009-04-03 22:21 . 2009-04-03 22:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\OARTCONV.DLL
    + 2009-12-22 19:51 . 2011-11-09 12:17 50295240 c:\windows\system32\MRT.exe
    + 2011-07-26 21:33 . 2011-07-26 21:33 10984448 c:\windows\Installer\479621.msp
    + 2010-06-11 22:52 . 2010-06-11 22:52 45542912 c:\windows\Installer\4794cf.msp
    + 2009-07-01 18:19 . 2009-07-01 18:19 10607104 c:\windows\Installer\4793c3.msp
    + 2007-06-18 21:16 . 2007-06-18 21:16 12259160 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.8173\MSO.DLL
    + 2007-05-31 17:37 . 2007-05-31 17:37 12310368 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
    + 2007-05-31 17:41 . 2007-05-31 17:41 10352472 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
    + 2009-04-03 22:01 . 2009-04-03 22:01 15108448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\XL12CNV.EXE
    + 2009-04-03 22:46 . 2009-04-03 22:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\MSO.DLL
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-11-18 17:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-16 13881960]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
    backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
    2009-06-05 06:39 33628160 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2011-01-16 20:33 13881960 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2011-01-16 20:33 111208 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2009-06-23 16:01 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold\\Stronghold.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold_Crusader_Extreme.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
    "c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
    "c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
    "c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
    "c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
    "c:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=
    "c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
    "c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
    "c:\\Program Files\\Electronic Arts\\Mass Effect™ 2\\MassEffect2Launcher.exe"=
    "c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
    "c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\adawaretb\\dtUser.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57294:TCP"= 57294:TCP:pando Media Booster
    "57294:UDP"= 57294:UDP:pando Media Booster
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/5/2010 1:31 PM 691696]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/22/2009 1:06 PM 1374464]
    S0 cerc6;cerc6; [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys --> c:\windows\system32\drivers\nvhda32.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
    S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 3:07 PM 25832]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    RPCQT
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 10.0.0.1
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - ProfilePath - c:\documents and settings\NAME\Application Data\Mozilla\Firefox\Profiles\q6tgcfqa.default\
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Password Exporter: {B17C1C5A-04B1-11DB-9804-B622A1EF5492} - %profile%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
    FF - Ext: Ad-Aware Security Toolbar: {87934c42-161d-45bc-8cef-ef18abe2a30c} - %profile%\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-09 12:06
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(736)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(2500)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-11-09 12:07:39
    ComboFix-quarantined-files.txt 2011-11-09 17:07
    ComboFix2.txt 2011-11-09 09:46
    .
    Pre-Run: 33,534,328,832 bytes free
    Post-Run: 33,534,369,792 bytes free
    .
    - - End Of File - - C167238EF8A6B05FB26287E944D4DE9C
     
  11. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
     
  12. GroovyGrover

    GroovyGrover TS Rookie Topic Starter Posts: 16

    Ok, I first accidentally hit the regular 'Scan' instead of 'Quick Scan.' Anyhow, fearing excessively long files, I ran the Quick Scan twice, but those 2 times, it never gave me the 'Extras' log file, so the "OTL" is from the Quick, but the "Extras" is from the first Full Scan.



    =============================


    OTL logfile created on: 11/9/2011 3:42:52 PM - Run 3
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\NAME \Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 80.13% Memory free
    5.09 Gb Paging File | 4.59 Gb Available in Paging File | 90.18% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 273.44 Gb Total Space | 30.68 Gb Free Space | 11.22% Space Free | Partition Type: NTFS
    Drive F: | 19.77 Gb Total Space | 5.89 Gb Free Space | 29.78% Space Free | Partition Type: NTFS

    Computer Name: NAME | User Name: NAME | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/09 15:18:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NAME \Desktop\OTL.exe
    PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2010/11/16 17:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2010/11/16 17:46:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2010/11/05 06:41:52 | 000,488,952 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    PRC - [2010/11/05 06:41:48 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/06 19:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/09 12:04:33 | 001,612,800 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11110901\algo.dll
    MOD - [2011/11/09 10:46:08 | 000,240,992 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11110901\aswRep.dll
    MOD - [2011/11/09 03:07:37 | 001,611,264 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11110900\algo.dll
    MOD - [2011/11/07 10:19:30 | 000,240,992 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11110900\aswRep.dll
    MOD - [2010/07/04 16:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
    MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/07/13 11:25:20 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/11/16 17:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2010/11/05 06:41:52 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
    SRV - [2010/03/29 07:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/09/06 16:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/09/06 16:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/11/05 06:41:44 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
    DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2010/01/07 19:59:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/06/23 11:01:42 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/06/23 11:01:40 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009/06/23 11:01:40 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/06/02 03:52:36 | 001,374,464 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2009/05/25 02:21:28 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2008/02/14 01:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
    DRV - [2007/12/17 04:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
    DRV - [2007/08/06 19:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2004/04/10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\WINDOWS\system32\mbmiodrvr.sys -- (mbmiodrvr)
    DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-823518204-861567501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-823518204-861567501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-823518204-861567501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search the Web"
    FF - prefs.js..browser.search.order.1: "Search the Web"
    FF - prefs.js..browser.search.selectedEngine: "Search the Web"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.6
    FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
    FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:0.9
    FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.260.0
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\NAME \Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/11/09 12:39:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/09 12:21:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/27 16:06:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/20 15:06:06 | 000,000,000 | ---D | M]

    [2009/12/22 13:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NAME \Application Data\Mozilla\Extensions
    [2009/12/22 13:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NAME \Application Data\Mozilla\Firefox\extensions
    [2009/12/22 13:43:09 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\NAME \Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    [2011/11/09 12:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NAME \Application Data\Mozilla\Firefox\Profiles\q6tgcfqa.default\extensions
    [2010/04/27 11:34:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\NAME \Application Data\Mozilla\Firefox\Profiles\q6tgcfqa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/06/26 22:29:44 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\NAME \Application Data\Mozilla\Firefox\Profiles\q6tgcfqa.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
    [2011/11/08 13:56:01 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\NAME \Application Data\Mozilla\Firefox\Profiles\q6tgcfqa.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    [2010/08/29 19:13:55 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\NAME \Application Data\Mozilla\Firefox\Profiles\q6tgcfqa.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
    [2011/11/04 04:12:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\NAME \Application Data\Mozilla\Firefox\Profiles\q6tgcfqa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2009/12/22 18:04:27 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\NAME \Application Data\Mozilla\Firefox\Profiles\q6tgcfqa.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2011/06/23 14:32:32 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\NAME \Application Data\Mozilla\Firefox\Profiles\q6tgcfqa.default\extensions\DTToolbar@toolbarnet.com
    [2009/08/18 23:04:17 | 000,002,395 | ---- | M] () -- C:\Documents and Settings\NAME \Application Data\Mozilla\Firefox\Profiles\q6tgcfqa.default\searchplugins\daemon-search.xml
    [2011/11/09 12:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/05 10:05:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/19 12:44:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/18 10:12:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/09 14:48:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/01 05:22:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/11/09 12:21:26 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2011/11/09 12:39:47 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
    [2010/04/01 10:25:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2011/10/17 13:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml

    O1 HOSTS File: ([2011/11/08 21:19:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKU\S-1-5-21-823518204-861567501-725345543-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKU\S-1-5-21-823518204-861567501-725345543-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKU\S-1-5-21-823518204-861567501-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-823518204-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-823518204-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-823518204-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-823518204-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261508801093 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1319138256109 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D29C5B03-7ACC-4E78-BD66-850E74D9A7E7}: DhcpNameServer = 10.0.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\NAME \Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\NAME \Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/07/13 11:07:07 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2009/12/22 12:58:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: RPCQT - File not found
    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.dv25 - C:\WINDOWS\System32\DigiVCap.DLL (Matrox Electronic Systems)
    Drivers32: vidc.dv50 - C:\WINDOWS\System32\DigiVCap.DLL (Matrox Electronic Systems)
    Drivers32: vidc.dvsd - C:\WINDOWS\System32\DigiVCap.DLL (Matrox Electronic Systems)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
    Drivers32: VIDC.HFYU - C:\WINDOWS\System32\HUFFYUV.DLL (Disappearing Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.mjpg - C:\WINDOWS\System32\DigiVCap.DLL (Matrox Electronic Systems)
    Drivers32: vidc.mmes - C:\WINDOWS\System32\DigiVCap.DLL (Matrox Electronic Systems)
    Drivers32: VIDC.RAYL - C:\WINDOWS\System32\raylightUltra.dll (DVFilm)
    Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/09 15:18:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NAME \Desktop\OTL.exe
    [2011/11/09 12:20:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/11/09 12:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/11/09 12:16:00 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/11/09 12:15:59 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/11/09 12:15:57 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/11/09 12:15:56 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/11/09 12:15:56 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/11/09 12:15:55 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/11/09 12:15:55 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/11/09 12:15:55 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/11/09 12:15:40 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/11/09 12:15:40 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/11/09 12:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZoneAlarm
    [2011/11/09 12:08:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
    [2011/11/09 12:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
    [2011/11/09 11:56:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
    [2011/11/08 21:01:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/11/08 20:54:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/11/08 20:54:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/11/08 20:54:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/11/08 20:54:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/11/08 20:52:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/11/08 20:50:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/08 20:45:19 | 004,286,253 | R--- | C] (Swearware) -- C:\Documents and Settings\NAME \Desktop\ComboFix.exe
    [2011/11/08 18:40:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NAME \Recent
    [2011/11/08 17:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME \Desktop\virus
    [2011/11/08 17:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/11/08 15:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/11/08 14:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\adawaretb
    [2011/11/08 13:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
    [2011/11/08 13:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
    [2011/11/08 13:55:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME \Application Data\adawaretb
    [2011/11/08 13:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
    [2011/11/08 13:55:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/11/08 13:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME \Application Data\UjjjYCwwkIrOtA
    [2011/11/08 13:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME \Application Data\CjjYYCekIVrzNyA
    [2011/10/20 15:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/09 15:18:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NAME \Desktop\OTL.exe
    [2011/11/09 12:27:17 | 000,502,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/11/09 12:27:17 | 000,088,450 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/11/09 12:23:24 | 000,013,742 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/11/09 12:22:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/11/09 12:21:26 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/11/09 12:14:55 | 000,000,367 | RHS- | M] () -- C:\boot.ini
    [2011/11/09 12:09:39 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2011/11/09 12:08:58 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
    [2011/11/08 21:19:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/11/08 18:48:35 | 000,000,251 | ---- | M] () -- C:\Boot.bak
    [2011/11/08 18:37:34 | 001,586,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/11/08 15:26:28 | 004,286,253 | R--- | M] (Swearware) -- C:\Documents and Settings\NAME \Desktop\ComboFix.exe
    [2011/11/07 14:15:57 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/11/07 14:15:57 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/11/01 18:59:58 | 000,928,455 | ---- | M] () -- C:\Documents and Settings\NAME \Application Data\Fallen Earth_2.54.0.3_2011-11-01-23-59.dmp
    [2011/10/22 07:58:24 | 000,184,320 | ---- | M] () -- C:\Documents and Settings\NAME \Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/21 23:35:50 | 001,174,842 | ---- | M] () -- C:\Documents and Settings\NAME \Application Data\Fallen Earth_2.54.0.3_2011-10-22-04-35.dmp
    [2011/10/21 21:23:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/10/10 21:30:51 | 000,437,835 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111108-134722.backup
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/09 12:08:51 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
    [2011/11/08 21:01:10 | 000,000,251 | ---- | C] () -- C:\Boot.bak
    [2011/11/08 21:01:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/11/08 20:54:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/11/08 20:54:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/11/08 20:54:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/11/08 20:54:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/11/08 20:54:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/11/01 18:59:58 | 000,928,455 | ---- | C] () -- C:\Documents and Settings\NAME \Application Data\Fallen Earth_2.54.0.3_2011-11-01-23-59.dmp
    [2011/10/21 23:35:49 | 001,174,842 | ---- | C] () -- C:\Documents and Settings\NAME \Application Data\Fallen Earth_2.54.0.3_2011-10-22-04-35.dmp
    [2011/07/13 11:50:07 | 000,411,132 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-861567501-725345543-1003-0.dat
    [2011/07/13 11:50:06 | 000,411,132 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/07/13 11:26:21 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2011/06/02 11:29:26 | 000,253,464 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2011/06/02 11:29:24 | 000,253,464 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2011/06/02 11:29:24 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/06/02 11:28:56 | 002,293,138 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2011/05/24 10:40:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2011/05/24 10:40:43 | 000,631,808 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2011/05/24 10:40:43 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2011/05/24 10:40:42 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2011/04/25 03:34:08 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/04/25 03:34:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2010/12/20 11:48:31 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2010/12/20 11:48:31 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2010/12/20 11:48:31 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2010/12/20 11:10:04 | 000,035,696 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
    [2010/11/30 21:35:32 | 000,001,844 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
    [2010/11/30 21:35:30 | 000,001,224 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
    [2010/11/30 21:35:28 | 000,002,228 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
    [2010/11/30 21:35:26 | 000,011,473 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
    [2010/11/30 21:35:20 | 000,001,206 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Dalet Codec.dat
    [2010/11/30 21:35:18 | 000,003,008 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp WavPack Codec.dat
    [2010/11/30 21:35:10 | 000,003,065 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
    [2010/11/30 21:35:02 | 000,003,153 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
    [2010/11/30 21:34:55 | 000,003,107 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
    [2010/11/30 21:34:47 | 000,002,987 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
    [2010/11/30 21:33:56 | 000,012,496 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
    [2010/11/30 21:33:51 | 000,018,032 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
    [2010/11/30 21:33:30 | 000,002,863 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
    [2010/11/30 21:33:14 | 000,002,894 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
    [2010/11/30 21:32:58 | 000,002,996 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
    [2010/11/30 21:32:44 | 000,002,856 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
    [2010/11/30 21:32:35 | 000,002,897 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
    [2010/11/30 21:32:20 | 000,002,993 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
    [2010/11/30 21:31:46 | 000,002,843 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
    [2010/11/30 21:31:24 | 000,002,865 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
    [2010/11/30 21:30:57 | 000,002,873 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
    [2010/11/30 21:28:54 | 000,510,840 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
    [2010/11/30 21:28:54 | 000,005,888 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp CD Writer.dat
    [2010/11/10 19:58:37 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
    [2010/08/31 20:01:17 | 000,001,008 | ---- | C] () -- C:\WINDOWS\STA2.ini
    [2010/07/07 13:03:07 | 000,302,889 | ---- | C] () -- C:\Documents and Settings\NAME \Application Data\Fallen Earth_2.47.3.0_2010-07-07-18-03.dmp
    [2010/05/13 18:25:00 | 000,302,918 | ---- | C] () -- C:\Documents and Settings\NAME \Application Data\Fallen Earth_2.47.0.11_2010-05-13-23-25.dmp
    [2010/05/12 16:56:12 | 000,504,841 | ---- | C] () -- C:\Documents and Settings\NAME \Application Data\Fallen Earth_2.47.0.11_2010-05-12-21-56.dmp
    [2010/05/11 08:40:09 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/05/02 21:46:14 | 000,193,969 | ---- | C] () -- C:\Documents and Settings\NAME \Application Data\Fallen Earth_2.46.0.5_2010-05-03-02-46.dmp
    [2010/04/23 07:41:39 | 000,144,915 | ---- | C] () -- C:\Documents and Settings\NAME \Application Data\icarus-dxdiag.xml
    [2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2010/03/17 15:07:26 | 000,000,278 | ---- | C] () -- C:\WINDOWS\Sfc3ng.ini
    [2010/03/16 18:35:57 | 000,001,146 | ---- | C] () -- C:\WINDOWS\EFXP.ini
    [2010/03/16 18:31:18 | 000,000,982 | ---- | C] () -- C:\WINDOWS\EF.ini
    [2010/02/04 22:08:25 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/01/03 13:32:39 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
    [2010/01/03 13:29:44 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.311018984119889580931149468956
    [2009/12/26 19:55:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/12/22 22:17:20 | 000,184,320 | ---- | C] () -- C:\Documents and Settings\NAME \Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/22 18:30:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/12/22 15:45:41 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2009/12/22 13:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/12/22 13:20:41 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/12/22 13:11:55 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
    [2009/12/22 13:11:55 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
    [2009/12/22 13:11:18 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2009/12/22 13:03:45 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2009/12/22 13:03:39 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
    [2009/12/22 13:03:32 | 000,030,611 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2009/12/22 13:03:32 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2009/12/22 13:00:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/12/22 12:56:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/12/22 07:48:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/12/22 07:46:50 | 001,586,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 07:00:00 | 000,502,670 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 07:00:00 | 000,088,450 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2007/06/27 16:13:51 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
    [2007/06/08 08:10:38 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\LS3Renderer.dll
    [2005/04/15 11:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/04/15 11:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/12/31 07:00:00 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
     
  13. GroovyGrover

    GroovyGrover TS Rookie Topic Starter Posts: 16

    ========== LOP Check ==========

    [2011/11/08 13:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
    [2011/11/08 18:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2011/11/09 12:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2009/12/23 03:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
    [2010/01/07 19:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2011/03/12 11:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
    [2011/04/05 23:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2009/12/22 15:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
    [2010/01/03 13:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
    [2010/11/16 18:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2011/05/07 18:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2011/07/31 20:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/01/03 14:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2011/11/09 06:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\adawaretb
    [2011/07/13 12:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\Autodesk
    [2010/07/28 21:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\Bioshock2
    [2010/07/02 05:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\CheckPoint
    [2011/11/08 13:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\CjjYYCekIVrzNyA
    [2010/01/05 13:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\DAEMON Tools Lite
    [2011/07/24 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\dBpoweramp
    [2010/01/03 13:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\Final Draft
    [2009/12/22 13:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\Foxit
    [2010/04/06 15:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\Foxit Software
    [2010/12/26 23:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\My Battle for Middle-earth Files
    [2011/01/01 14:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\My Battle for Middle-earth(tm) II Files
    [2011/08/07 22:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
    [2011/05/07 18:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\NCH Swift Sound
    [2010/01/03 16:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\NetMedia Providers
    [2011/04/12 21:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\Petroglyph
    [2010/01/03 14:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\Publish Providers
    [2010/01/11 19:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\Sony
    [2010/01/05 18:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\SorensonMedia
    [2010/06/28 09:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\SystemRequirementsLab
    [2011/11/08 13:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\UjjjYCwwkIrOtA
    [2011/11/08 18:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAME \Application Data\uTorrent
    [2010/05/25 16:58:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\NAME \Application Data\wyUpdate AU
    [2011/11/08 14:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\adawaretb

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2011/11/08 17:55:14 | 000,222,575 | ---- | M] () -- C:\aaw7boot.log
    [2009/12/22 12:58:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/11/08 18:48:35 | 000,000,251 | ---- | M] () -- C:\Boot.bak
    [2011/11/09 12:14:55 | 000,000,367 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/11/09 12:07:39 | 000,036,119 | ---- | M] () -- C:\ComboFix.txt
    [2009/12/22 12:58:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/04/11 10:07:18 | 000,003,820 | ---- | M] () -- C:\eula.1028.txt
    [2008/04/11 10:07:18 | 000,015,428 | ---- | M] () -- C:\eula.1031.txt
    [2008/04/11 10:07:18 | 000,010,058 | ---- | M] () -- C:\eula.1033.txt
    [2008/04/11 10:07:18 | 000,012,246 | ---- | M] () -- C:\eula.1036.txt
    [2008/04/11 10:07:18 | 000,013,912 | ---- | M] () -- C:\eula.1040.txt
    [2008/04/11 10:07:18 | 000,005,868 | ---- | M] () -- C:\eula.1041.txt
    [2008/04/11 10:07:18 | 000,005,970 | ---- | M] () -- C:\eula.1042.txt
    [2008/04/11 10:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt
    [2008/04/11 10:07:18 | 000,003,814 | ---- | M] () -- C:\eula.2052.txt
    [2008/04/11 10:07:18 | 000,012,936 | ---- | M] () -- C:\eula.3082.txt
    [2008/04/11 10:07:18 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/04/22 16:12:04 | 000,000,079 | ---- | M] () -- C:\ifsverifylog.txt
    [2008/04/11 10:07:18 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2008/04/11 08:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2008/04/11 08:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2008/04/11 08:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2008/04/11 08:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2008/04/11 08:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2008/04/11 08:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2008/04/11 08:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2008/04/11 10:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
    [2008/04/11 08:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2008/04/11 08:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2009/12/22 12:58:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/05/05 00:09:19 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2009/12/22 12:58:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/07/11 18:35:42 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\msvcp71.dll
    [2006/07/11 18:35:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\msvcr71.dll
    [2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/11/09 12:22:17 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/06/24 01:08:12 | 001,430,494 | ---- | M] () -- C:\shared.log
    [2011/11/08 16:41:43 | 000,001,736 | ---- | M] () -- C:\TDSSKiller.2.6.16.0_08.11.2011_16.41.39_log.txt
    [2008/04/11 10:07:18 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2008/04/11 10:09:38 | 003,797,292 | ---- | M] () -- C:\VC_RED.cab
    [2008/04/11 10:11:40 | 000,233,472 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/12/22 12:58:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/12/22 07:45:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2009/12/22 07:45:00 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2009/12/22 07:45:00 | 000,925,696 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >
    [2010/10/13 15:45:27 | 000,000,000 | ---D | M] -- C:\Program Files\Civilization V Deluxe Edition\bak

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/12/22 12:58:48 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/12/22 13:02:23 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\NAME \Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/12/22 13:02:22 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\NAME \Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/11/08 15:26:28 | 004,286,253 | R--- | M] (Swearware) -- C:\Documents and Settings\NAME \Desktop\ComboFix.exe
    [2011/11/09 15:18:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NAME \Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/12/22 13:02:23 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\NAME \Favorites\Desktop.ini
    [2011/05/07 18:25:52 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\NAME \Favorites\NCH Audio and Telephony Software.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/11/09 15:39:45 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\NAME \Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2011/11/08 18:17:32 | 000,038,912 | ---- | M] (Autodesk, Inc.) -- C:\WINDOWS\Installer\Luc.exe
    [6 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2008/04/14 07:00:00 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/02 23:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2008/04/14 07:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2008/04/14 07:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2008/04/14 07:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/02 23:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/02 23:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  14. GroovyGrover

    GroovyGrover TS Rookie Topic Starter Posts: 16

    OTL Extras logfile created on: 11/9/2011 3:19:49 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\NAME\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 82.39% Memory free
    5.09 Gb Paging File | 4.65 Gb Available in Paging File | 91.29% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 273.44 Gb Total Space | 30.76 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
    Drive F: | 19.77 Gb Total Space | 5.89 Gb Free Space | 29.78% Space Free | Partition Type: NTFS

    Computer Name: NAME| User Name: NAME | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-823518204-861567501-725345543-1003\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
    "57294:TCP" = 57294:TCP:*:Enabled:pando Media Booster
    "57294:UDP" = 57294:UDP:*:Enabled:pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "57294:TCP" = 57294:TCP:*:Enabled:pando Media Booster
    "57294:UDP" = 57294:UDP:*:Enabled:pando Media Booster

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Dragon Age 2\bin_ship\DragonAge2.exe" = C:\Program Files\Dragon Age 2\bin_ship\DragonAge2.exe:*:Enabled:Dragon Age II -- (BioWare)
    "C:\Program Files\Dragon Age 2\DragonAge2Launcher.exe" = C:\Program Files\Dragon Age 2\DragonAge2Launcher.exe:*:Enabled:Dragon Age II Launcher -- (BioWare)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Firefly Studios\Stronghold\Stronghold.exe" = C:\Program Files\Firefly Studios\Stronghold\Stronghold.exe:*:Enabled:Stronghold -- ()
    "C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe" = C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe:*:Enabled:Stronghold Crusader Extreme -- ( )
    "C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ( )
    "C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)
    "C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe" = C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends -- (Firefly Studios)
    "C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:${SafeProductName} ${FirewallName_Launcher} -- (BioWare)
    "C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:${SafeProductName} ${FirewallName_Game} -- (BioWare)
    "C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II -- (Electronic Arts Inc.)
    "C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat" = C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king -- (Electronic Arts Inc.)
    "C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe" = C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars(TM): Empire at War(TM) -- (Lucasfilm Entertainment Company, Ltd.)
    "C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe" = C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:*:Enabled:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM) -- (Lucasfilm Entertainment Company, Ltd.)
    "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
    "C:\Program Files\2K Games\BioShock 2\SP\Builds\Binaries\Bioshock2.exe" = C:\Program Files\2K Games\BioShock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 -- (Take-Two Interactive Software)
    "C:\Program Files\2K Games\BioShock 2\MP\Builds\Binaries\Bioshock2.exe" = C:\Program Files\2K Games\BioShock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer -- (2K Games)
    "C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
    "C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm) -- ()
    "C:\Program Files\Electronic Arts\Mass Effect™ 2\MassEffect2Launcher.exe" = C:\Program Files\Electronic Arts\Mass Effect™ 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 - Launcher -- (BioWare)
    "C:\Program Files\Mass Effect\Binaries\MassEffect.exe" = C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
    "C:\Program Files\Mass Effect\MassEffectLauncher.exe" = C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "C:\Program Files\adawaretb\dtUser.exe" = C:\Program Files\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Toolbar DTX Broker -- (Visicom Media Inc.)
    "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{0712667C-A171-49AE-A098-4ACDA28625F8}" = Sony Sound Forge 7.0
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
    "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
    "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
    "{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
    "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{38F48AED-66D8-464C-993E-C7296C7A199B}" = Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
    "{4ADF5E38-4917-4BAA-A4E5-1FB46380276B}" = Wasteland Cartographer
    "{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
    "{4EAF566E-1712-433C-A1C2-7517845107CC}" = DVD Architect Pro 5.0
    "{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{55CE417E-BCB2-47B6-86B5-B40860D81033}" = Nero 7 Essentials
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
    "{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
    "{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}" = Sony Sound Forge 9.0
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A143FF0-BB9A-4A9C-A318-1688BA366BAE}" = Sorenson Squeeze 5.0
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
    "{75D84EF7-0D8C-4E70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
    "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{82448C0D-FB2A-4E10-9F2C-F404F067A85B}" = Fallen Earth
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
    "{8BAC9DAB-9118-4D13-8CF4-78812CC4755C}" = ACID Pro 7.0
    "{8BCC07D2-4841-4450-81AA-A074C0969C44}_is1" = Civilization V Deluxe Edition
    "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
    "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
    "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{962E05CF-3394-496D-0091-850CF1762F6B}" = The Battle for Middle-earth (tm)
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
    "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.04.28
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{ADAFA5AC-9824-4DBA-B66B-7EB2870E1CD6}" = BIAS SoundSoap SM
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.71
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.71
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
    "{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate(TM) II - Throne of Bhaal (TM)
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
    "{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}" = Sony Noise Reduction Plug-In 2.0e
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DBE73977-170A-4742-AB28-CA41B06A63AA}_is1" = The Witcher Enhanced Edition
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
    "{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
    "7-Zip" = 7-Zip 9.20
    "adawaretb" = Ad-Aware Security Toolbar
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
    "Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
    "Age of Mythology 1.0" = Age of Mythology
    "Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
    "Ask Toolbar_is1" = Foxit Toolbar
    "ATMA V" = ATMA V 5.04d
    "avast" = avast! Free Antivirus
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "CCleaner" = CCleaner
    "CDisplay_is1" = CDisplay 1.8
    "Champions Online" = Champions Online
    "com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
    "dBpoweramp [Arrange Audio] Codec" = dBpoweramp [Arrange Audio] Codec
    "dBpoweramp [Audio Info] Codec" = dBpoweramp [Audio Info] Codec
    "dBpoweramp [Calculate Audio CRC] Codec" = dBpoweramp [Calculate Audio CRC] Codec
    "dBpoweramp [Channel Split] Codec" = dBpoweramp [Channel Split] Codec
    "dBpoweramp [ID Tag Update] Codec" = dBpoweramp [ID Tag Update] Codec
    "dBpoweramp [Length Split] Codec" = dBpoweramp [Length Split] Codec
    "dBpoweramp [Multi Encoder] Codec" = dBpoweramp [Multi Encoder] Codec
    "dBpoweramp [ReplayGain] Codec" = dBpoweramp [ReplayGain] Codec
    "dBpoweramp [Tag From Filename] Codec" = dBpoweramp [Tag From Filename] Codec
    "dBpoweramp CD Writer" = dBpoweramp CD Writer
    "dBpoweramp Dalet Codec" = dBpoweramp Dalet Codec
    "dBpoweramp DSP Effects" = dBpoweramp DSP Effects
    "dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
    "dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
    "dBpoweramp Mp2 and BwfMp2 codec" = dBpoweramp Mp2 and BwfMp2 codec
    "dBpoweramp mp3 (Fraunhofer IIS) Codec" = dBpoweramp mp3 (Fraunhofer IIS) Codec
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
    "dBpoweramp Real Audio (Helix) Encoder" = dBpoweramp Real Audio (Helix) Encoder
    "dBPoweramp tooLame MP2 codec" = dBPoweramp tooLame MP2 codec
    "dBpoweramp Wave64 Codec" = dBpoweramp Wave64 Codec
    "dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
    "Diablo II" = Diablo II
    "DigiCodec" = Matrox VFW Software Codecs
    "DivX Setup.divx.com" = DivX Setup
    "Dominion Ultimate EXTENTION(Ver. 1.4) Mod" = Dominion Ultimate EXTENTION(Ver. 1.4) Mod
    "Dominion Ultimate!" = Dominion Ultimate!
    "Dragon Age 2 - LEGACY 1.03" = Dragon Age 2 - LEGACY 1.03
    "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
    "DVD Shrink_is1" = DVD Shrink 3.2
    "EA Installer.1522122559" = EA Installer
    "EADM" = EA Download Manager
    "Foxit Reader" = Foxit Reader
    "Fraps" = Fraps (remove only)
    "GamersFirst LIVE!" = GamersFirst LIVE!
    "HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Full)
    "Magic Bullet Looks" = Magic Bullet Looks
    "Magic Bullet Looks Vegas" = Magic Bullet Looks Vegas
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Motherboard Monitor 5_is1" = Motherboard Monitor 5
    "Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "PatentWizard 3.0" = PatentWizard 3.0
    "PowerISO" = PowerISO
    "Raylight Ultra_is1" = Raylight Ultra 1.1.1
    "Revo Uninstaller" = Revo Uninstaller 1.92
    "Star Trek Armada II" = Star Trek Armada II
    "Star Trek Starfleet Command III" = Star Trek Starfleet Command III
    "Star Trek Voyager Elite Force" = Star Trek Voyager Elite Force
    "Starcraft" = Starcraft
    "Switch" = Switch Sound File Converter
    "SystemRequirementsLab" = System Requirements Lab
    "TNG Mega Mod by Chris Jones - Single File" = TNG Mega Mod by Chris Jones - Single File
    "TNG Mega Mod update to 531" = TNG Mega Mod update to 531
    "Unlocker" = Unlocker 1.9.0
    "uTorrent" = µTorrent
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZoneAlarm" = ZoneAlarm
    "ZoneAlarm Toolbar" = ZoneAlarm Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-823518204-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "UnityWebPlayer" = Unity Web Player
    "uTorrent" = µTorrent
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/4/2011 10:51:53 AM | Computer Name = NAME| Source = Application Hang | ID = 1002
    Description = Hanging application Frontend.exe, version 2.54.0.3, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/4/2011 10:52:33 AM | Computer Name = NAME| Source = Application Hang | ID = 1001
    Description = Fault bucket -1646129885.

    Error - 11/8/2011 2:45:16 PM | Computer Name = NAME| Source = Application Hang | ID = 1002
    Description = Hanging application QuuuvS22ob3.exe, version 0.0.0.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/8/2011 3:08:02 PM | Computer Name = NAME| Source = Application Hang | ID = 1002
    Description = Hanging application QuuuvS22ob3.exe, version 0.0.0.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/8/2011 3:10:37 PM | Computer Name = NAME| Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.4280, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/8/2011 3:10:39 PM | Computer Name = NAME| Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.4280, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/8/2011 7:15:41 PM | Computer Name = NAME| Source = MsiInstaller | ID = 11704
    Description = Product: AutoCAD 2012 - English -- Error 1704. An installation for
    Ad-Aware is currently suspended. You must undo the changes made by that installation
    to continue. Do you want to undo those changes?

    Error - 11/8/2011 7:17:33 PM | Computer Name = NAME| Source = Luc | ID = 259
    Description = Folder C:\Program Files\Common Files\Autodesk Shared\Materials\Textures
    doesn't exist.

    Error - 11/9/2011 12:54:23 PM | Computer Name = NAME| Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/9/2011 12:54:28 PM | Computer Name = NAME| Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    [ System Events ]
    Error - 11/9/2011 6:49:08 AM | Computer Name = NAME| Source = sptd | ID = 262148
    Description = Driver detected an internal error in its data structures for .

    Error - 11/9/2011 6:49:25 AM | Computer Name = NAME| Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 11/9/2011 6:50:34 AM | Computer Name = NAME| Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Aavmker4 AmdPPM AsIO aswSnx aswSP aswTdi Fips Lbd mbmiodrvr SASDIFSV SASKUTIL SCDEmu sptd

    Error - 11/9/2011 6:51:10 AM | Computer Name = NAME| Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 11/9/2011 6:52:41 AM | Computer Name = NAME| Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 11/9/2011 12:50:29 PM | Computer Name = NAME| Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 11/9/2011 12:56:20 PM | Computer Name = NAME| Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 11/9/2011 1:11:51 PM | Computer Name = NAME| Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 11/9/2011 1:15:47 PM | Computer Name = NAME| Source = BROWSER | ID = 8032
    Description = The browser service has failed to retrieve the backup list too many
    times on transport \Device\NetBT_Tcpip_{D29C5B03-7ACC-4E78-BD66-850E74D9A7E7}. The
    backup browser is stopping.

    Error - 11/9/2011 1:23:22 PM | Computer Name = NAME| Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      [2009/12/22 13:43:09 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\NAME \Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
      O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O2 - BHO: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKU\S-1-5-21-823518204-861567501-725345543-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      [2011/11/08 13:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME \Application Data\UjjjYCwwkIrOtA
      [2011/11/08 13:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAME \Application Data\CjjYYCekIVrzNyA
      [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2010/01/03 13:32:39 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
      [2010/01/03 13:29:44 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.311018984119889580931149468956
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  16. GroovyGrover

    GroovyGrover TS Rookie Topic Starter Posts: 16

    OTL results:


    -----------------------------


    All processes killed
    ========== OTL ==========
    Folder C:\Documents and Settings\NAME \Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
    C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
    File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-823518204-861567501-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
    File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
    Folder C:\Documents and Settings\NAME \Application Data\UjjjYCwwkIrOtA\ not found.
    Folder C:\Documents and Settings\NAME \Application Data\CjjYYCekIVrzNyA\ not found.
    C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP\WiseCustomCalla.dll deleted successfully.
    C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP\WiseCustomCalla6.dll deleted successfully.
    C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP\WiseData.ini deleted successfully.
    C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP folder deleted successfully.
    C:\WINDOWS\8A809006C25A4A3A9DAB94659BCDB107.TMP\WiseCustomCalla.dll deleted successfully.
    C:\WINDOWS\8A809006C25A4A3A9DAB94659BCDB107.TMP folder deleted successfully.
    C:\WINDOWS\A7E07C2B2220441587E3784D5814BC93.TMP\WiseCustomCalla.dll deleted successfully.
    C:\WINDOWS\A7E07C2B2220441587E3784D5814BC93.TMP folder deleted successfully.
    C:\WINDOWS\B83FC356B7C0441F8A4DD71E088E7974.TMP\WiseCustomCalla.dll deleted successfully.
    C:\WINDOWS\B83FC356B7C0441F8A4DD71E088E7974.TMP folder deleted successfully.
    C:\WINDOWS\DD1865F0AD7340FBB23E1822E02396FF.TMP\WiseCustomCalla.dll deleted successfully.
    C:\WINDOWS\DD1865F0AD7340FBB23E1822E02396FF.TMP folder deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176 moved successfully.
    C:\Documents and Settings\All Users\Application Data\.311018984119889580931149468956 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56466 bytes

    User: NAME
    ->Temp folder emptied: 13737218 bytes
    ->Temporary Internet Files folder emptied: 1549666 bytes
    ->Java cache emptied: 1110085 bytes
    ->FireFox cache emptied: 58021009 bytes
    ->Flash cache emptied: 58349 bytes

    User: LocalService
    ->Temp folder emptied: 2049432 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 1986232 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 1571 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1166807 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 2428 bytes

    Total Files Cleaned = 76.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: NAME
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11092011_165119

    Files\Folders moved on Reboot...
    C:\Documents and Settings\NAME\Local Settings\Temp\~DF4514.tmp moved successfully.
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\WINDOWS\temp\ZLT019d8.TMP not found!

    Registry entries deleted on Reboot...
     
  17. GroovyGrover

    GroovyGrover TS Rookie Topic Starter Posts: 16

    Security Check results:

    -----------------------

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    Adobe After Effects CS3 Presets
    ZoneAlarm
    ZoneAlarm Toolbar
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    CCleaner
    DH Driver Cleaner Professional Edition
    Java(TM) 6 Update 29
    Adobe Flash Player 11.0.1.152
    Mozilla Firefox (3.6.23) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    Zone Labs ZoneAlarm zlclient.exe
    ``````````End of Log````````````
     
  18. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Looks good.
    Go on...
     
  19. GroovyGrover

    GroovyGrover TS Rookie Topic Starter Posts: 16

    If the online scanner takes several hours, I'll probably have to do it overnite, as I have to use my system for the next while.

    Thanks for your help, I'll post it's results tomorrow morning!
     
  20. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    No problem :)
     
  21. GroovyGrover

    GroovyGrover TS Rookie Topic Starter Posts: 16

    Had some problems getting the scan to initialize (flash related?) so I'll knock it out sometime today, perhaps this evening, and post results.

    Thanks again!
     
  22. GroovyGrover

    GroovyGrover TS Rookie Topic Starter Posts: 16

    Here is the ESET results. Around 1/3 of those are old software programs I downloaded, and have in 'storage' (and haven't accessed) from years ago.


    ---------------------------------------


    C:\System Volume Information\_restore{C558A9BE-81CD-4704-BB70-5901A2905D5C}\RP543\A0213291.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{C558A9BE-81CD-4704-BB70-5901A2905D5C}\RP543\A0213400.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{C558A9BE-81CD-4704-BB70-5901A2905D5C}\RP543\A0214399.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{C558A9BE-81CD-4704-BB70-5901A2905D5C}\RP543\A0215399.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{C558A9BE-81CD-4704-BB70-5901A2905D5C}\RP543\A0216399.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{C558A9BE-81CD-4704-BB70-5901A2905D5C}\RP543\A0217399.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{C558A9BE-81CD-4704-BB70-5901A2905D5C}\RP543\A0217409.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{C558A9BE-81CD-4704-BB70-5901A2905D5C}\RP543\A0218409.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{C558A9BE-81CD-4704-BB70-5901A2905D5C}\RP543\A0218513.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{C558A9BE-81CD-4704-BB70-5901A2905D5C}\RP543\A0218544.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{C558A9BE-81CD-4704-BB70-5901A2905D5C}\RP543\A0218668.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{C558A9BE-81CD-4704-BB70-5901A2905D5C}\RP545\A0219668.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{C558A9BE-81CD-4704-BB70-5901A2905D5C}\RP546\A0222668.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{C558A9BE-81CD-4704-BB70-5901A2905D5C}\RP546\A0223339.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{C558A9BE-81CD-4704-BB70-5901A2905D5C}\RP546\A0223398.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    F:\assorted programs\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application deleted - quarantined
    F:\assorted programs\DVD software\AVS Video Converter 6.2.3.314 + Crack.zip a variant of Win32/Injector.CRM trojan deleted - quarantined
    F:\assorted programs\video production programs\Sorenson.Squeeze.v5.0.2.8.Incl.Patch.And.Keymaker.zip a variant of Win32/Keygen.AF application deleted - quarantined
    F:\assorted programs\video production programs\CD Rippers\freeripmp3.exe Win32/Adware.ADON application deleted - quarantined
    F:\assorted programs\video production programs\extracted Acid\Sony ACID Pro 7.0a Build 536\Keygen.exe a variant of Win32/Keygen.AR application cleaned by deleting - quarantined
    F:\assorted programs\video production programs\extracted SoundForge 7.0\Sonic Foundry SoundForge v7.0 build 214\keygen.exe a variant of Win32/Keygen.AQ application cleaned by deleting - quarantined
    F:\assorted programs\video production programs\Vegas 8 programs\Sony Vegas Pro 8.0c!!!with dvd archit. Vista & Xp USERS KEYGEN CRACKED(with walkthrough video .mov) AAS ENG WORKS!.rar a variant of Win32/Keygen.AR application deleted - quarantined
    F:\assorted programs\video production programs\Vegas 8 programs\Sony Vegas Pro 8.0b Build 217-AVCHD-MPG-AC3 FIXED\Keygen.exe a variant of Win32/Keygen.AR application cleaned by deleting - quarantined
    F:\assorted programs\video production programs\Vegas 8 programs\Sony Vegas Pro 8.0c!!!with dvd archit. Vista & Xp USERS KEYGEN CRACKED(with walkthrough video .mov) AAS ENG WORKS!\keygen.exe a variant of Win32/Keygen.AR application cleaned by deleting - quarantined
     
  23. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  24. GroovyGrover

    GroovyGrover TS Rookie Topic Starter Posts: 16

    Thanks again for keeping up with this!

    Initial OTS results:

    --------------------------------

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NAME
    ->Temp folder emptied: 19108181 bytes
    ->Temporary Internet Files folder emptied: 2226240 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 41108664 bytes
    ->Flash cache emptied: 1090 bytes

    User: LocalService
    ->Temp folder emptied: 2046472 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 991416 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1557981 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 14754640 bytes

    Total Files Cleaned = 78.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: NAME
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 11102011_185952

    Files\Folders moved on Reboot...
    C:\Documents and Settings\NAME\Local Settings\Temp\~DF2A11.tmp moved successfully.
    File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!
    File\Folder C:\WINDOWS\temp\ZLT03afd.TMP not found!

    Registry entries deleted on Reboot...
     
  25. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Way to go!! [​IMG]
    Good luck and stay safe :)
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.