
[Resolved] directrdr redirection


  • This topic is locked
30 replies to this topic

#1 Laertes


Posted 16 November 2009 - 10:48 AM

Hi everyone, since yesterday I've been having random Firefox pop-ups redirecting me to random websites.

MBAM hasn't detected anything, and neither has Avast!, so I'm a tad confused :/

Please find the HJThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:48, on 16/11/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\vVX1000.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe
C:\Windows\System32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\sfc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\John\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...S.cab109791.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 5613 bytes



#2 jpshortstuff


Posted 17 November 2009 - 04:59 AM

Hi,

What kind of site are you being taken to? (Don't post a full link, just a name will suffice)

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, two logs should open:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.


We need to check for rootkits with RootRepeal
  • Download RootRepeal from one of the following locations and save it to your desktop.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • In the Select Scan dialog, check
    Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Please post this log in your next reply.

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.


#3 Laertes


Posted 17 November 2009 - 05:48 AM

DDS and RootRepeal don't work on Windows 7. And I'm getting taken to other search engines "swedenmates" and other random sites. -John

#4 jpshortstuff


Posted 17 November 2009 - 08:55 AM

My apologies, I missed the fact that you were using Windows 7. Please try the following two scans instead, I believe they are 7 compatible.


Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.


Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


#5 jpshortstuff


Posted 17 November 2009 - 03:33 PM

Incidentally, what version of 7 are you running? DDS should be compatible with 7 now, it certainly works for me. I may notify the developer about this.


#6 Laertes


Posted 17 November 2009 - 04:08 PM

I am running Win 7 Ultimate, and when I use DDS it says "not compatible with this version of windows".

EDIT: the link you gave me is working now (for DDS) so I'll post that tomorrow as it's bed time now.

Also to let you know my computer is becoming slow and unresponsive now, which is slightly annoying.

Anyway I've attached the two log files you asked for.

GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-17 19:50:06
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\John\AppData\Local\Temp\kxldypog.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E14634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E14898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A45579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A69F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spxw.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 91056CA0 5 Bytes JMP 866384E0
.text peauth.sys 9C40CC9D 28 Bytes [4F, 93, 13, 38, 7B, F4, 4D, ...]
.text peauth.sys 9C40CCC1 28 Bytes [4F, 93, 13, 38, 7B, F4, 4D, ...]
.text autochk.exe 002F11DC 1 Byte [1B]
.text autochk.exe 002F11F0 4 Bytes [9A, 3D, 8B, 40]
.text autochk.exe 002F11F7 6 Bytes [8C, 0C, 9C, 4B, 76, 01] {MOV WORD [ESP+EBX*4], CS; DEC EBX; JBE 0x7}
.text autochk.exe 002F1200 1 Byte [04]
.text autochk.exe 002F1204 4 Bytes [88, 08, 30, 00] {MOV [EAX], CL; XOR [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe[4068] ntdll.dll!LdrLoadDll 77C4F585 5 Bytes JMP 000E1400 C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8511C1F8
Device \Driver\volmgr \Device\VolMgrControl 851161F8
Device \Driver\usbohci \Device\USBPDO-0 8663E1F8
Device \Driver\sptd \Device\3547725568 spxw.sys
Device \Driver\usbehci \Device\USBPDO-1 8663F1F8
Device \Driver\PCI_PNP3568 \Device\00000053 spxw.sys
Device \Driver\nvstor32 \Device\00000060 8511A1F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{BDDD2B89-8A86-4C02-B690-6CBC03BC700F} 865721F8
Device \Driver\volmgr \Device\HarddiskVolume1 851161F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 851161F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 8652A1F8
Device \Driver\USBSTOR \Device\00000072 86B5A1F8
Device \Driver\volmgr \Device\HarddiskVolume3 851161F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 8652A1F8
Device \Driver\USBSTOR \Device\00000073 86B5A1F8
Device \Driver\atapi \Device\Ide\IdePort0 851181F8
Device \Driver\atapi \Device\Ide\IdePort1 851181F8
Device \Driver\volmgr \Device\HarddiskVolume4 851161F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000074 86B5A1F8
Device \Driver\volmgr \Device\HarddiskVolume5 851161F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000075 86B5A1F8
Device \Driver\volmgr \Device\HarddiskVolume6 851161F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000076 86B5A1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 865721F8
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\nvstor32 \Device\RaidPort0 8511A1F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\nvstor32 \Device\RaidPort1 8511A1F8
Device \Driver\nvstor32 \Device\0000005f 8511A1F8
Device \Driver\usbohci \Device\USBFDO-0 8663E1F8
Device \Driver\usbehci \Device\USBFDO-1 8663F1F8
Device \Driver\ajpzpvgh \Device\Scsi\ajpzpvgh1Port4Path0Target0Lun0 867B01F8
Device \Driver\ajpzpvgh \Device\Scsi\ajpzpvgh1 867B01F8
Device \Driver\00000629 -> \Driver\atapi \Device\Harddisk0\DR0 85EF9170

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x05 0x75 0xCA 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0xC3 0x46 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEE 0x66 0xC8 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB1 0x50 0xEA 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0xC3 0x46 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x45 0xD9 0xB4 0x1A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon\xae 3\Check for Updates.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon\xae 3\Check for Updates.lnk 1

---- EOF - GMER 1.0.15 ----


OTL logfile created on: 17/11/2009 19:52:13 - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\OTL
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.22% Memory free
4.00 Gb Paging File | 3.65 Gb Available in Paging File | 91.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 145.07 Gb Free Space | 48.67% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 69.03 Gb Free Space | 46.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN-PC
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\OTL\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ZY202_VS) -- C:\Windows\System32\drivers\WlanUZG.sys (Atheros Communications, Inc.)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (IntcAzAudAddService) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (atapi) -- C:\Windows\system32\DRIVERS\atapi.sys ()
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (XG762_VS) -- C:\Windows\System32\drivers\WlanGZG.sys (Atheros Communications, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 1B 9E 5A 23 62 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.4
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5
FF - prefs.js..extensions.enabledItems: validator@totalvalidator.com:6.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.14
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.3.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.4
FF - prefs.js..extensions.enabledItems: omfg@olive:0.6.080510
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6b2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6b2\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 1\components [2009/11/16 13:19:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 1\plugins [2009/11/12 11:31:47 | 00,000,000 | ---D | M]

[2009/11/05 11:34:31 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2009/11/05 11:34:31 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/16 19:33:38 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\uheoruki.default\extensions
[2009/11/13 11:37:15 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\uheoruki.default\extensions\{33d38acc-1742-4583-b7c2-4122c1150b1f}
[2009/11/13 11:15:48 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\uheoruki.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009/11/13 11:37:13 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\uheoruki.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/11/13 11:37:15 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\uheoruki.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/13 11:15:48 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\uheoruki.default\extensions\firebug@software.joehewitt.com
[2009/11/13 11:37:15 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\uheoruki.default\extensions\foxmarks@kei.com
[2009/11/13 11:15:45 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\uheoruki.default\extensions\foxyproxy@eric.h.jung
[2009/11/13 11:37:13 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\uheoruki.default\extensions\lazarus@interclue.com
[2009/11/13 11:47:40 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\uheoruki.default\extensions\omfg@olive
[2009/11/13 11:37:13 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\uheoruki.default\extensions\optout@dubfire.net
[2009/11/14 13:53:56 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\uheoruki.default\extensions\personas@christopher.beard
[2009/11/13 11:37:15 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\uheoruki.default\extensions\SkipScreen@SkipScreen
[2009/11/13 11:15:48 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\uheoruki.default\extensions\validator@totalvalidator.com
[2009/11/05 16:58:33 | 00,002,059 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\uheoruki.default\searchplugins\daemon-search.xml

O1 HOSTS File: (1755 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 2 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/02/26 11:45:40 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/17 19:51:25 | 00,000,000 | ---D | C] -- C:\OTL
[2009/11/17 09:31:29 | 00,000,000 | ---D | C] -- C:\Users\John\Documents\RCT3
[2009/11/17 09:31:29 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Atari
[2009/11/16 16:40:44 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/16 16:38:48 | 00,212,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys
[2009/11/16 16:38:47 | 00,142,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys
[2009/11/16 16:38:45 | 00,023,616 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\amdxata.sys
[2009/11/16 16:35:41 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/11/16 16:35:40 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/16 16:35:40 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/11/16 16:35:40 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/11/16 16:35:23 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/16 16:35:21 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/16 16:29:10 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/16 16:07:32 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2009/11/16 16:07:25 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/16 16:07:23 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/16 16:07:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/16 16:07:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/16 16:07:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/16 11:58:56 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Leadertech
[2009/11/16 11:58:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PocketSoft
[2009/11/16 11:53:25 | 00,000,000 | ---D | C] -- C:\Program Files\Atari
[2009/11/15 21:29:49 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\CreeperWorld.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
[2009/11/15 21:29:49 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\CreeperWorld
[2009/11/15 21:29:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/11/15 21:29:19 | 00,000,000 | ---D | C] -- C:\Program Files\KnuckleCracker
[2009/11/13 11:59:22 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2009/11/13 11:59:22 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2009/11/13 11:59:22 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2009/11/13 11:59:21 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2009/11/13 11:59:21 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2009/11/13 11:59:20 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2009/11/13 11:59:20 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2009/11/13 11:59:20 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2009/11/13 11:59:20 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2009/11/13 11:59:19 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2009/11/13 11:59:19 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2009/11/13 11:59:19 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2009/11/13 11:59:18 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2009/11/13 11:59:18 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2009/11/13 11:59:18 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2009/11/13 11:59:18 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2009/11/13 11:59:17 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2009/11/13 11:59:17 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2009/11/13 11:59:17 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2009/11/13 11:59:17 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2009/11/13 11:59:16 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2009/11/13 11:59:16 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2009/11/13 11:59:15 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2009/11/13 11:59:14 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2009/11/13 11:59:14 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2009/11/13 11:59:14 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2009/11/13 11:59:14 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2009/11/13 11:59:13 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2009/11/13 11:59:13 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2009/11/13 11:59:13 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2009/11/13 11:59:12 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2009/11/13 11:59:12 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2009/11/13 11:59:11 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2009/11/13 11:59:08 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2009/11/13 11:59:08 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2009/11/13 11:59:08 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2009/11/13 11:59:03 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2009/11/13 11:59:03 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2009/11/13 11:59:02 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2009/11/13 11:59:02 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2009/11/13 11:59:02 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2009/11/13 11:59:02 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2009/11/13 11:59:01 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2009/11/13 11:59:01 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2009/11/13 11:59:01 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2009/11/13 11:59:00 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2009/11/13 11:59:00 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2009/11/13 11:58:59 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2009/11/13 11:58:57 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2009/11/13 11:58:57 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2009/11/13 11:58:57 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2009/11/13 11:58:57 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2009/11/13 11:58:57 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2009/11/13 11:58:57 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2009/11/13 11:58:57 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2009/11/13 11:58:56 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2009/11/13 11:58:42 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2009/11/13 11:58:40 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2009/11/13 11:58:40 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2009/11/13 11:58:39 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2009/11/13 11:58:37 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2009/11/13 11:58:37 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2009/11/13 11:58:35 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2009/11/13 11:50:24 | 00,000,000 | ---D | C] -- C:\Users\John\Documents\Telltale Games
[2009/11/12 15:38:41 | 00,000,000 | ---D | C] -- C:\Program Files\ANNO 1602 - Gold Edition
[2009/11/12 15:37:14 | 00,000,000 | ---D | C] -- C:\Program Files\Anno 1602
[2009/11/12 15:32:18 | 00,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2009/11/12 10:04:19 | 00,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009/11/12 09:53:45 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\ImgBurn
[2009/11/12 09:48:40 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009/11/12 09:27:00 | 00,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2009/11/12 09:15:51 | 00,000,000 | ---D | C] -- C:\Program Files\Bullfrog
[2009/11/12 09:15:40 | 00,299,008 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2009/11/11 18:26:45 | 00,000,000 | ---D | C] -- C:\Users\John\Documents\Command & Conquer 3 Kane's Wrath
[2009/11/11 18:25:13 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2009/11/11 14:55:54 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2009/11/11 14:03:57 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2009/11/11 14:03:57 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2009/11/11 14:03:57 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2009/11/11 14:03:57 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2009/11/11 14:03:56 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2009/11/11 14:03:56 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/11/11 14:03:55 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2009/11/10 18:52:23 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/11/10 10:18:17 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2009/11/08 21:38:51 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009/11/08 21:38:51 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009/11/08 21:38:51 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009/11/08 21:38:50 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/11/08 21:38:48 | 01,294,336 | ---- | C] (HMS http://hp.vector.co....hors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2009/11/08 21:38:48 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2009/11/08 21:38:48 | 00,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\Windows\System32\divxa32.acm
[2009/11/08 21:38:48 | 00,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\mp3fhg.acm
[2009/11/08 21:38:47 | 00,391,680 | ---- | C] (Intel Corporation) -- C:\Windows\System32\I263_32.drv
[2009/11/08 21:38:47 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2009/11/08 21:38:47 | 00,118,784 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2009/11/08 21:38:47 | 00,039,936 | ---- | C] (Disappearing Inc.) -- C:\Windows\System32\huffyuv.dll
[2009/11/08 21:38:46 | 00,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2009/11/08 21:38:46 | 00,438,272 | ---- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2009/11/08 21:38:44 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2009/11/08 21:38:43 | 00,685,056 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll
[2009/11/08 21:38:40 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/11/08 20:05:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/11/08 19:40:45 | 00,000,000 | ---D | C] -- C:\Program Files\VUGames
[2009/11/08 17:55:59 | 00,030,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdimon.dll
[2009/11/08 17:55:31 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2009/11/08 17:51:19 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/11/08 17:51:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/11/08 17:50:32 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/11/08 17:48:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009/11/08 17:47:00 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft Help
[2009/11/08 17:46:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2009/11/08 17:46:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2009/11/08 17:41:28 | 00,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2009/11/07 15:46:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/11/07 15:45:58 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/11/07 15:43:52 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Hamachi
[2009/11/07 15:43:31 | 00,025,280 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[2009/11/07 15:43:30 | 00,000,000 | ---D | C] -- C:\Program Files\Hamachi
[2009/11/07 15:39:13 | 00,091,136 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\msls2.dll
[2009/11/07 15:31:04 | 00,000,000 | ---D | C] -- C:\Users\John\Documents\PI Stuff
[2009/11/07 15:25:58 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2009/11/07 15:24:55 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2009/11/07 14:16:46 | 00,000,000 | ---D | C] -- C:\Program Files\EA Games
[2009/11/07 14:16:45 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/11/07 14:13:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/11/06 18:37:10 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\ElevatedDiagnostics
[2009/11/06 18:32:24 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009/11/06 18:32:24 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009/11/06 18:26:38 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2009/11/06 18:21:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/11/06 18:19:35 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Adobe
[2009/11/06 16:19:26 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/11/06 16:19:26 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/11/06 16:19:26 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/11/06 16:19:26 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/11/06 16:19:05 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/11/06 16:15:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/11/06 16:15:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/11/06 16:15:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/11/06 16:15:45 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/11/06 16:13:56 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\OpenOffice.org
[2009/11/06 16:10:14 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/11/05 18:49:31 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/11/05 17:53:51 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2009/11/05 17:39:28 | 00,000,000 | ---D | C] -- C:\Program Files\Yamicsoft
[2009/11/05 17:29:05 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Totalidea_Software
[2009/11/05 17:21:52 | 00,000,000 | ---D | C] -- C:\Users\John\Desktop\stuff
[2009/11/05 17:21:32 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Bart_Ubing
[2009/11/05 16:58:33 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009/11/05 16:56:58 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/11/05 16:56:50 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite
[2009/11/05 16:53:04 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009/11/05 16:53:04 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009/11/05 16:51:37 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Diagnostics
[2009/11/05 16:46:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2009/11/05 16:46:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2009/11/05 15:51:30 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\skypePM
[2009/11/05 15:50:55 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Skype
[2009/11/05 15:50:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/11/05 15:50:40 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/11/05 15:50:01 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
[2009/11/05 15:35:26 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/11/05 15:29:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/11/05 15:29:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/11/05 14:04:20 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/11/05 14:04:10 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\uTorrent
[2009/11/05 13:45:31 | 00,000,000 | R-SD | C] -- C:\Users\John\Documents\My Stationery
[2009/11/05 13:44:45 | 00,000,000 | ---D | C] -- C:\Users\John\Tracing
[2009/11/05 13:43:39 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/11/05 13:42:25 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/11/05 13:42:13 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/11/05 13:42:00 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/11/05 13:41:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/11/05 13:41:14 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/11/05 13:41:11 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009/11/05 13:07:46 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\WinRAR
[2009/11/05 13:07:30 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/11/05 12:59:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/11/05 12:49:41 | 00,705,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\cohelper.dll
[2009/11/05 12:49:41 | 00,485,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe
[2009/11/05 12:49:28 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/11/05 12:49:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2009/11/05 12:49:13 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/11/05 12:47:30 | 26,768,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRT.exe
[2009/11/05 12:44:11 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Macromedia
[2009/11/05 12:43:59 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2009/11/05 12:25:34 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft Games
[2009/11/05 12:16:52 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/11/05 12:16:52 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/11/05 12:16:50 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/11/05 12:16:48 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/11/05 12:16:48 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/11/05 12:16:13 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/11/05 12:16:13 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.dll
[2009/11/05 12:16:13 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVCP71.dll
[2009/11/05 12:16:13 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVCR71.dll
[2009/11/05 12:16:13 | 00,053,328 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/11/05 12:16:11 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/11/05 11:53:35 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/11/05 11:49:41 | 11,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/11/05 11:49:40 | 00,728,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/11/05 11:49:39 | 02,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/11/05 11:49:39 | 01,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/11/05 11:49:39 | 00,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/11/05 11:49:39 | 00,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/11/05 11:49:39 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/11/05 11:49:39 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/11/05 11:49:39 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/11/05 11:49:38 | 12,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/11/05 11:47:06 | 05,958,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/11/05 11:46:46 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/11/05 11:46:02 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/11/05 11:34:27 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Mozilla
[2009/11/05 11:34:27 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Mozilla
[2009/11/05 11:27:36 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Adobe
[2009/11/05 11:26:57 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 3.6 Beta 1
[2009/11/05 11:26:39 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/11/05 11:20:15 | 00,000,000 | R--D | C] -- C:\Users\John\Searches
[2009/11/05 11:19:57 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Identities
[2009/11/05 11:19:53 | 00,000,000 | R--D | C] -- C:\Users\John\Contacts
[2009/11/05 11:19:37 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\VirtualStore
[2009/11/05 11:19:26 | 00,000,000 | -HSD | C] -- C:\Users\John\Templates
[2009/11/05 11:19:26 | 00,000,000 | -HSD | C] -- C:\Users\John\Start Menu
[2009/11/05 11:19:26 | 00,000,000 | -HSD | C] -- C:\Users\John\SendTo
[2009/11/05 11:19:26 | 00,000,000 | -HSD | C] -- C:\Users\John\Recent
[2009/11/05 11:19:26 | 00,000,000 | -HSD | C] -- C:\Users\John\PrintHood
[2009/11/05 11:19:26 | 00,000,000 | -HSD | C] -- C:\Users\John\NetHood
[2009/11/05 11:19:26 | 00,000,000 | -HSD | C] -- C:\Users\John\Documents\My Videos
[2009/11/05 11:19:26 | 00,000,000 | -HSD | C] -- C:\Users\John\Documents\My Pictures
[2009/11/05 11:19:26 | 00,000,000 | -HSD | C] -- C:\Users\John\Documents\My Music
[2009/11/05 11:19:26 | 00,000,000 | -HSD | C] -- C:\Users\John\My Documents
[2009/11/05 11:19:26 | 00,000,000 | -HSD | C] -- C:\Users\John\Local Settings
[2009/11/05 11:19:26 | 00,000,000 | -HSD | C] -- C:\Users\John\Cookies
[2009/11/05 11:19:26 | 00,000,000 | -HSD | C] -- C:\Users\John\Application Data
[2009/11/05 11:19:26 | 00,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\Temporary Internet Files
[2009/11/05 11:19:26 | 00,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\History
[2009/11/05 11:19:26 | 00,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\Application Data
[2009/11/05 11:19:24 | 00,000,000 | --SD | C] -- C:\Users\John\AppData\Roaming\Microsoft
[2009/11/05 11:19:24 | 00,000,000 | R--D | C] -- C:\Users\John\Videos
[2009/11/05 11:19:24 | 00,000,000 | R--D | C] -- C:\Users\John\Saved Games
[2009/11/05 11:19:24 | 00,000,000 | R--D | C] -- C:\Users\John\Pictures
[2009/11/05 11:19:24 | 00,000,000 | R--D | C] -- C:\Users\John\Music
[2009/11/05 11:19:24 | 00,000,000 | R--D | C] -- C:\Users\John\Links
[2009/11/05 11:19:24 | 00,000,000 | R--D | C] -- C:\Users\John\Favorites
[2009/11/05 11:19:24 | 00,000,000 | R--D | C] -- C:\Users\John\Downloads
[2009/11/05 11:19:24 | 00,000,000 | R--D | C] -- C:\Users\John\Documents
[2009/11/05 11:19:24 | 00,000,000 | R--D | C] -- C:\Users\John\Desktop
[2009/11/05 11:19:24 | 00,000,000 | -H-D | C] -- C:\Users\John\AppData
[2009/11/05 11:19:24 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Media Center Programs
[2009/11/05 11:19:24 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Temp
[2009/11/05 11:19:24 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft
[2009/11/05 11:15:43 | 00,000,000 | -HSD | C] -- C:\Recovery
[2009/11/05 10:53:58 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/11/05 10:50:48 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/11/05 09:35:48 | 00,000,000 | -HSD | C] -- C:\Boot
[2009/11/05 06:42:02 | 00,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2009/11/05 06:18:07 | 00,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2009/11/04 23:07:11 | 00,000,000 | R--D | C] -- C:\Users\John\Documents\Videos
[2009/11/04 23:07:11 | 00,000,000 | R--D | C] -- C:\Users\John\Documents\Links
[2009/11/04 23:07:11 | 00,000,000 | R--D | C] -- C:\Users\John\Documents\Favorites
[2009/11/04 23:07:11 | 00,000,000 | R--D | C] -- C:\Users\John\Documents\Desktop
[2009/11/04 23:07:11 | 00,000,000 | ---D | C] -- C:\Users\John\Documents\Saved Games
[2009/11/04 17:46:50 | 01,146,184 | ---- | C] (Microsoft Corporation) -- C:\wlsetup-web.exe
[2009/11/04 10:54:54 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\avast_home_setup.exe
[2009/11/04 10:52:00 | 00,000,000 | ---D | C] -- C:\VoD-
[2009/10/30 12:04:27 | 00,000,000 | ---D | C] -- C:\VoD-Win
[2009/10/26 14:54:56 | 00,000,000 | ---D | C] -- C:\vtr char gen
[2009/10/25 14:26:22 | 00,000,000 | ---D | C] -- C:\Users\John\Documents\wodfonts-040704
[2009/10/25 11:57:24 | 00,000,000 | ---D | C] -- C:\HeroLab
[2009/10/25 09:48:42 | 16,918,824 | ---- | C] (Macrovision Corporation) -- C:\Users\John\Documents\install_icq65.exe
[2009/10/22 15:00:50 | 16,043,8017 | ---- | C] (Werner Spahl ) -- C:\Users\John\Documents\vtmbup65.exe
[2009/10/21 19:57:53 | 00,000,000 | ---D | C] -- C:\Users\John\Documents\My Publications
[2009/10/20 16:38:02 | 11,090,289 | ---- | C] (Macrovision Corporation) -- C:\Users\John\Documents\f5d7050v3_ww_03.00.02_w2.exe
[2009/10/19 12:29:27 | 08,416,065 | ---- | C] ( ) -- C:\Users\John\Documents\klcodec520s.exe

========== Files - Modified Within 30 Days ==========

[2009/11/17 19:52:28 | 02,097,152 | -HS- | M] () -- C:\Users\John\NTUSER.DAT
[2009/11/17 19:24:48 | 00,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/17 19:24:48 | 00,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/17 19:24:08 | 00,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/17 19:24:08 | 00,622,110 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/17 19:24:08 | 00,108,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/17 19:19:39 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/17 19:19:24 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/17 19:19:14 | 19,114,63936 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/17 12:09:08 | 03,439,574 | -H-- | M] () -- C:\Users\John\AppData\Local\IconCache.db
[2009/11/16 22:30:02 | 00,013,767 | ---- | M] () -- C:\Users\John\Documents\katmercer bio.docx
[2009/11/16 16:07:28 | 00,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/16 12:13:03 | 00,002,084 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon® 3.lnk
[2009/11/15 21:29:24 | 00,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Creeper World.lnk
[2009/11/15 16:35:00 | 17,580,5385 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/14 20:10:04 | 00,291,840 | ---- | M] () -- C:\Users\John\Desktop\gmer.exe
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/12 10:04:19 | 00,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009/11/12 09:48:41 | 00,001,811 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/11/12 09:33:49 | 00,001,372 | ---- | M] () -- C:\Users\John\Desktop\CSI-3 Dimensions of Murder.lnk
[2009/11/11 15:04:14 | 00,000,976 | ---- | M] () -- C:\Users\Public\Desktop\Black & White 2.lnk
[2009/11/11 14:51:44 | 00,000,024 | ---- | M] () -- C:\Windows\AM_D8.PRF
[2009/11/11 14:02:30 | 00,001,206 | ---- | M] () -- C:\Users\John\Desktop\Command & Conquer 3 Kane's Wrath.lnk
[2009/11/10 13:57:05 | 00,051,712 | ---- | M] () -- C:\Users\John\Documents\appform.doc
[2009/11/10 13:48:11 | 00,027,833 | ---- | M] () -- C:\Users\John\Documents\idcardpic.jpg
[2009/11/10 13:45:52 | 00,502,844 | ---- | M] () -- C:\Users\John\Documents\idcardpic.psd
[2009/11/10 10:23:09 | 00,034,308 | ---- | M] () -- C:\Windows\System32\bassmod.dll
[2009/11/10 10:18:19 | 00,001,769 | ---- | M] () -- C:\Users\John\Desktop\MagicISO.lnk
[2009/11/08 22:15:32 | 00,000,478 | ---- | M] () -- C:\Windows\win.ini
[2009/11/08 21:44:16 | 13,118,8432 | ---- | M] () -- C:\Users\John\Documents\BackupRegistry(20091108).reg
[2009/11/08 21:43:09 | 00,028,672 | ---- | M] () -- C:\Users\John\Documents\BootBackup(20091108)
[2009/11/08 21:00:00 | 02,915,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/08 19:59:39 | 00,001,340 | ---- | M] () -- C:\Users\John\Desktop\Play Evil Genius.lnk
[2009/11/08 18:53:43 | 00,026,624 | ---- | M] () -- C:\Users\John\Documents\Goodbye Ritual.doc
[2009/11/08 18:44:57 | 00,010,605 | ---- | M] () -- C:\Users\John\Documents\Goodbye Ritual.docx
[2009/11/08 18:20:59 | 00,250,256 | ---- | M] () -- C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/08 17:39:59 | 00,056,320 | ---- | M] () -- C:\Users\John\Documents\psw.doc
[2009/11/08 11:58:55 | 00,032,982 | ---- | M] () -- C:\Users\John\Documents\psw.odt
[2009/11/07 15:43:31 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[2009/11/07 15:43:31 | 00,000,915 | ---- | M] () -- C:\Users\Public\Desktop\hamachi.lnk
[2009/11/07 15:26:44 | 00,001,999 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2009/11/07 14:21:34 | 00,001,190 | ---- | M] () -- C:\Users\Public\Desktop\Command & Conquer The First Decade.lnk
[2009/11/06 16:53:30 | 00,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/06 16:19:08 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/11/06 16:19:08 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/11/06 16:19:07 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/11/06 16:19:06 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/11/06 16:16:06 | 00,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/11/05 18:49:19 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/11/05 17:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRT.exe
[2009/11/05 17:04:12 | 00,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/11/05 17:04:12 | 00,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/11/05 16:58:30 | 00,001,896 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2009/11/05 16:57:39 | 00,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009/11/05 15:50:41 | 00,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/11/05 14:35:52 | 00,000,000 | RHS- | M] () -- C:\winx.ld
[2009/11/05 14:35:50 | 00,203,836 | RHS- | M] () -- C:\grldr
[2009/11/05 14:04:20 | 00,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2009/11/05 12:50:00 | 00,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/11/05 12:50:00 | 00,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/11/05 12:50:00 | 00,065,536 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/11/05 12:16:52 | 00,002,014 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/11/05 12:16:45 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/11/05 11:32:11 | 00,871,936 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\WlanUZG.sys
[2009/11/05 11:27:00 | 00,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 3.6 Beta 1.lnk
[2009/11/05 11:19:26 | 00,000,020 | -HS- | M] () -- C:\Users\John\ntuser.ini
[2009/11/05 10:55:29 | 00,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/11/05 10:53:20 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/11/04 18:00:00 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/11/04 18:00:00 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009/11/04 18:00:00 | 00,085,504 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/04 18:00:00 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009/11/04 18:00:00 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009/11/04 18:00:00 | 00,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2009/11/04 17:50:25 | 01,502,610 | ---- | M] () -- C:\G-202_2.0.2.5.zip
[2009/11/04 17:47:45 | 01,146,184 | ---- | M] (Microsoft Corporation) -- C:\wlsetup-web.exe
[2009/11/04 10:54:57 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\avast_home_setup.exe
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/11/02 12:39:28 | 01,374,499 | ---- | M] () -- C:\Users\John\Documents\wodfonts-040704.7z
[2009/11/02 09:50:55 | 00,032,768 | ---- | M] () -- C:\Users\John\Documents\ryan.doc
[2009/11/02 09:50:44 | 00,013,805 | ---- | M] () -- C:\Users\John\Documents\ryan.docx
[2009/10/25 18:46:44 | 00,012,339 | ---- | M] () -- C:\Users\John\Documents\tmonster.docx
[2009/10/25 14:25:11 | 02,243,018 | ---- | M] () -- C:\Users\John\Documents\wodfonts-040704.zip
[2009/10/25 13:23:24 | 00,146,495 | ---- | M] () -- C:\Users\John\Documents\sheetgen-2.1.2.rar
[2009/10/25 11:56:40 | 03,698,996 | ---- | M] () -- C:\Users\John\Documents\VoD-Win.zip
[2009/10/25 11:56:26 | 07,844,295 | ---- | M] () -- C:\Users\John\Documents\hl35_install.exe
[2009/10/25 09:50:11 | 16,918,824 | ---- | M] (Macrovision Corporation) -- C:\Users\John\Documents\install_icq65.exe
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
[2009/10/23 21:41:47 | 00,067,072 | ---- | M] () -- C:\Users\John\Documents\MembershipForm.doc
[2009/10/23 14:15:20 | 00,013,507 | ---- | M] () -- C:\Users\John\Documents\MemTest.zip
[2009/10/22 16:52:43 | 16,043,8017 | ---- | M] (Werner Spahl ) -- C:\Users\John\Documents\vtmbup65.exe
[2009/10/22 14:59:27 | 00,013,400 | ---- | M] () -- C:\Users\John\Documents\VTMB Camarilla Edition 1.1.exe
[2009/10/22 10:15:20 | 03,961,470 | ---- | M] () -- C:\Users\John\Documents\results.zip
[2009/10/21 20:12:01 | 01,913,731 | ---- | M] () -- C:\Users\John\Documents\abcpdf.zip
[2009/10/21 19:55:42 | 10,606,592 | ---- | M] () -- C:\Users\John\Documents\creator.msi
[2009/10/21 19:53:37 | 01,215,655 | ---- | M] () -- C:\Users\John\Documents\abclit.zip
[2009/10/20 16:39:06 | 11,090,289 | ---- | M] (Macrovision Corporation) -- C:\Users\John\Documents\f5d7050v3_ww_03.00.02_w2.exe
[2009/10/20 10:54:01 | 18,527,244 | ---- | M] () -- C:\Users\John\Documents\vlc-1.0.2-win32.exe
[2009/10/19 14:10:10 | 05,958,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/19 13:52:58 | 00,263,298 | ---- | M] () -- C:\Users\John\Documents\RBGold.pdf
[2009/10/19 12:30:14 | 08,416,065 | ---- | M] ( ) -- C:\Users\John\Documents\klcodec520s.exe
[2009/10/19 10:17:40 | 00,033,921 | ---- | M] () -- C:\Users\John\Documents\menew1.jpg
[2009/10/19 09:57:56 | 06,567,936 | ---- | M] () -- C:\Users\John\Documents\Windows7UpgradeAdvisor.msi

========== Files Created - No Company Name ==========

[2009/11/17 19:30:30 | 00,291,840 | ---- | C] () -- C:\Users\John\Desktop\gmer.exe
[2009/11/16 22:08:37 | 00,013,767 | ---- | C] () -- C:\Users\John\Documents\katmercer bio.docx
[2009/11/16 16:35:41 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/16 16:35:40 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/16 16:35:40 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/16 16:35:40 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/16 16:35:40 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/16 16:07:28 | 00,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/16 11:59:03 | 00,002,084 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon® 3.lnk
[2009/11/16 11:58:53 | 00,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/11/15 21:29:24 | 00,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Creeper World.lnk
[2009/11/12 09:48:41 | 00,001,811 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/11/12 09:33:49 | 00,001,372 | ---- | C] () -- C:\Users\John\Desktop\CSI-3 Dimensions of Murder.lnk
[2009/11/11 15:04:14 | 00,000,976 | ---- | C] () -- C:\Users\Public\Desktop\Black & White 2.lnk
[2009/11/11 14:51:44 | 00,000,024 | ---- | C] () -- C:\Windows\AM_D8.PRF
[2009/11/11 14:02:30 | 00,001,206 | ---- | C] () -- C:\Users\John\Desktop\Command & Conquer 3 Kane's Wrath.lnk
[2009/11/10 13:48:35 | 00,051,712 | ---- | C] () -- C:\Users\John\Documents\appform.doc
[2009/11/10 13:48:09 | 00,027,833 | ---- | C] () -- C:\Users\John\Documents\idcardpic.jpg
[2009/11/10 13:43:00 | 00,502,844 | ---- | C] () -- C:\Users\John\Documents\idcardpic.psd
[2009/11/10 10:23:09 | 00,034,308 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2009/11/10 10:18:19 | 00,001,769 | ---- | C] () -- C:\Users\John\Desktop\MagicISO.lnk
[2009/11/08 21:44:03 | 13,118,8432 | ---- | C] () -- C:\Users\John\Documents\BackupRegistry(20091108).reg
[2009/11/08 21:43:06 | 00,028,672 | ---- | C] () -- C:\Users\John\Documents\BootBackup(20091108)
[2009/11/08 21:38:50 | 00,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/11/08 21:38:49 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/11/08 21:38:48 | 00,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2009/11/08 21:38:46 | 02,378,752 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/11/08 21:38:45 | 00,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/11/08 21:38:45 | 00,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/11/08 21:38:44 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/11/08 21:38:42 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/08 21:38:42 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/11/08 19:59:39 | 00,001,340 | ---- | C] () -- C:\Users\John\Desktop\Play Evil Genius.lnk
[2009/11/08 18:46:31 | 00,026,624 | ---- | C] () -- C:\Users\John\Documents\Goodbye Ritual.doc
[2009/11/08 18:44:56 | 00,010,605 | ---- | C] () -- C:\Users\John\Documents\Goodbye Ritual.docx
[2009/11/08 17:39:56 | 00,056,320 | ---- | C] () -- C:\Users\John\Documents\psw.doc
[2009/11/08 11:57:34 | 00,032,982 | ---- | C] () -- C:\Users\John\Documents\psw.odt
[2009/11/07 15:43:30 | 00,000,915 | ---- | C] () -- C:\Users\Public\Desktop\hamachi.lnk
[2009/11/07 15:26:43 | 00,001,999 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2009/11/07 14:21:34 | 00,001,190 | ---- | C] () -- C:\Users\Public\Desktop\Command & Conquer The First Decade.lnk
[2009/11/06 16:53:30 | 00,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/06 16:16:06 | 00,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/11/05 17:04:12 | 00,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/05 16:58:30 | 00,001,896 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2009/11/05 16:44:19 | 00,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/11/05 15:50:41 | 00,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/11/05 15:34:05 | 17,580,5385 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/11/05 14:35:52 | 00,000,000 | RHS- | C] () -- C:\winx.ld
[2009/11/05 14:04:20 | 00,000,913 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2009/11/05 12:49:58 | 03,439,574 | -H-- | C] () -- C:\Users\John\AppData\Local\IconCache.db
[2009/11/05 12:49:41 | 00,006,136 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/11/05 12:16:52 | 00,002,014 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/11/05 12:16:13 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/11/05 11:33:38 | 00,250,256 | ---- | C] () -- C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/05 11:27:00 | 00,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 3.6 Beta 1.lnk
[2009/11/05 11:19:26 | 00,000,020 | -HS- | C] () -- C:\Users\John\ntuser.ini
[2009/11/05 11:19:25 | 00,524,288 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/11/05 11:19:24 | 00,524,288 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/11/05 11:19:24 | 00,065,536 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/11/05 11:19:23 | 02,097,152 | -HS- | C] () -- C:\Users\John\NTUSER.DAT
[2009/11/05 10:53:20 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/11/05 09:35:42 | 00,000,000 | RHS- | C] () -- C:\Boot.ini.saved
[2009/11/05 09:35:42 | 00,000,000 | RHS- | C] () -- C:\boot.ini
[2009/11/05 01:02:58 | 19,114,63936 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/04 19:28:44 | 00,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2009/11/04 17:49:32 | 01,502,610 | ---- | C] () -- C:\G-202_2.0.2.5.zip
[2009/11/02 12:39:25 | 01,374,499 | ---- | C] () -- C:\Users\John\Documents\wodfonts-040704.7z
[2009/11/02 09:50:53 | 00,032,768 | ---- | C] () -- C:\Users\John\Documents\ryan.doc
[2009/11/02 09:03:51 | 00,013,805 | ---- | C] () -- C:\Users\John\Documents\ryan.docx
[2009/11/02 07:58:36 | 03,206,344 | ---- | C] () -- C:\Users\John\Documents\HOSPPAT.EXE
[2009/11/02 07:58:36 | 00,265,396 | ---- | C] () -- C:\Users\John\Documents\DOS4GW.EXE
[2009/11/02 07:58:08 | 03,099,476 | ---- | C] () -- C:\Users\John\Documents\instpat.exe
[2009/10/25 18:46:43 | 00,012,339 | ---- | C] () -- C:\Users\John\Documents\tmonster.docx
[2009/10/25 14:25:01 | 02,243,018 | ---- | C] () -- C:\Users\John\Documents\wodfonts-040704.zip
[2009/10/25 13:23:22 | 00,146,495 | ---- | C] () -- C:\Users\John\Documents\sheetgen-2.1.2.rar
[2009/10/25 11:55:04 | 03,698,996 | ---- | C] () -- C:\Users\John\Documents\VoD-Win.zip
[2009/10/25 11:54:50 | 07,844,295 | ---- | C] () -- C:\Users\John\Documents\hl35_install.exe
[2009/10/23 21:41:45 | 00,067,072 | ---- | C] () -- C:\Users\John\Documents\MembershipForm.doc
[2009/10/23 14:14:59 | 00,013,507 | ---- | C] () -- C:\Users\John\Documents\MemTest.zip
[2009/10/22 14:59:17 | 00,013,400 | ---- | C] () -- C:\Users\John\Documents\VTMB Camarilla Edition 1.1.exe
[2009/10/22 10:15:20 | 03,961,470 | ---- | C] () -- C:\Users\John\Documents\results.zip
[2009/10/21 20:10:52 | 01,913,731 | ---- | C] () -- C:\Users\John\Documents\abcpdf.zip
[2009/10/21 19:54:48 | 10,606,592 | ---- | C] () -- C:\Users\John\Documents\creator.msi
[2009/10/21 19:53:06 | 01,215,655 | ---- | C] () -- C:\Users\John\Documents\abclit.zip
[2009/10/20 10:50:55 | 18,527,244 | ---- | C] () -- C:\Users\John\Documents\vlc-1.0.2-win32.exe
[2009/10/19 13:52:57 | 00,263,298 | ---- | C] () -- C:\Users\John\Documents\RBGold.pdf
[2009/10/19 10:17:37 | 00,033,921 | ---- | C] () -- C:\Users\John\Documents\menew1.jpg
[2009/10/19 09:57:25 | 06,567,936 | ---- | C] () -- C:\Users\John\Documents\Windows7UpgradeAdvisor.msi
[2009/07/14 04:52:31 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/14 04:52:31 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 04:52:31 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 04:52:31 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 04:41:57 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2009/07/14 02:04:23 | 00,000,478 | ---- | C] () -- C:\Windows\win.ini
[2009/07/14 02:04:23 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/07/13 23:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 23:11:15 | 00,021,584 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2009/06/26 17:21:02 | 00,015,498 | ---- | C] () -- C:\Windows\VX1000.ini

========== LOP Check ==========

[2009/11/17 09:31:29 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Atari
[2009/11/11 18:26:35 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2009/11/15 21:32:17 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\CreeperWorld
[2009/11/15 21:29:49 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\CreeperWorld.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
[2009/11/05 21:10:27 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite
[2009/11/12 10:04:07 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ImgBurn
[2009/11/16 11:58:56 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2009/11/06 16:13:56 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenOffice.org
[2009/11/16 11:45:27 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
[2009/11/17 19:19:39 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/11 14:22:03 | 00,015,244 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


Edited by Laertes, 17 November 2009 - 04:11 PM.


#7 Laertes

Posted 17 November 2009 - 04:16 PM

DDS (Ver_09-10-26.01) - NTFSx86
Run by John at 22:13:14.77 on 17/11/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2431.1201 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\vVX1000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\John\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\uheoruki.default\
FF - component: c:\users\john\appdata\roaming\mozilla\firefox\profiles\uheoruki.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.6 beta 1\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox 3.6 beta 1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", true);
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox 3.6 beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-5 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-5 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-5 53328]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-16 269648]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-8-18 1529728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-16 19160]
R3 XG762_VS;ZyXEL 802.11g XG762 1211 Vista Driver;c:\windows\system32\drivers\WlanGZG.sys [2007-8-20 873472]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 NVNET;NVIDIA nForce 10/100 Mbps Ethernet ;c:\windows\system32\drivers\nvmf6232.sys [2009-7-31 287392]
S3 ZY202_VS;ZyXEL 802.11g XG202 1211 Vista Driver;c:\windows\system32\drivers\WlanUZG.sys [2007-6-14 871936]

=============== Created Last 30 ================

2009-11-17 19:51:25 0 d-----w- C:\OTL
2009-11-17 09:31:29 0 d-----w- c:\users\john\appdata\roaming\Atari
2009-11-16 16:38:48 212000 ----a-w- c:\windows\system32\drivers\nvstor32.sys
2009-11-16 16:38:47 142416 ----a-w- c:\windows\system32\drivers\nvstor.sys
2009-11-16 16:38:45 23616 ----a-w- c:\windows\system32\drivers\amdxata.sys
2009-11-16 16:35:41 77312 ----a-w- c:\windows\MBR.exe
2009-11-16 16:35:40 98816 ----a-w- c:\windows\sed.exe
2009-11-16 16:35:40 260608 ----a-w- c:\windows\PEV.exe
2009-11-16 16:35:40 161792 ----a-w- c:\windows\SWREG.exe
2009-11-16 16:35:21 0 d-s---w- C:\ComboFix
2009-11-16 16:07:32 0 d-----w- c:\users\john\appdata\roaming\Malwarebytes
2009-11-16 16:07:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-16 16:07:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-16 16:07:23 0 d-----w- c:\programdata\Malwarebytes
2009-11-16 16:07:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-16 11:58:53 197120 ----a-w- c:\windows\patchw32.dll
2009-11-16 11:58:53 0 d-----w- c:\program files\common files\PocketSoft
2009-11-16 11:53:25 0 d-----w- c:\program files\Atari
2009-11-15 21:29:49 0 d-----w- c:\users\john\appdata\roaming\CreeperWorld.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
2009-11-15 21:29:49 0 d-----w- c:\users\john\appdata\roaming\CreeperWorld
2009-11-15 21:29:19 0 d-----w- c:\program files\KnuckleCracker
2009-11-13 11:58:59 440080 ----a-w- c:\windows\system32\d3dx10.dll
2009-11-12 15:38:41 0 d-----w- c:\program files\ANNO 1602 - Gold Edition
2009-11-12 15:37:14 0 d-----w- c:\program files\Anno 1602
2009-11-12 15:32:18 306688 ----a-w- c:\windows\IsUninst.exe
2009-11-12 10:04:19 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-12 09:15:51 0 d-----w- c:\program files\Bullfrog
2009-11-12 09:15:40 299008 ----a-w- c:\windows\uninst.exe
2009-11-11 18:25:13 0 d-----w- c:\users\john\appdata\roaming\Command & Conquer 3 Kane's Wrath
2009-11-11 14:51:44 24 ----a-w- c:\windows\AM_D8.PRF
2009-11-11 14:03:57 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2009-11-11 14:03:57 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2009-11-11 14:03:57 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2009-11-11 14:03:57 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2009-11-11 14:03:56 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2009-11-11 14:03:56 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-10 10:18:17 0 d-----w- c:\program files\MagicISO
2009-11-08 21:38:40 0 d-----w- c:\program files\K-Lite Codec Pack
2009-11-08 20:05:08 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-08 19:40:45 0 d-----w- c:\program files\VUGames
2009-11-08 17:55:59 30512 ----a-w- c:\windows\system32\mdimon.dll
2009-11-08 17:55:31 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-08 17:48:03 0 d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-08 17:46:54 0 d-----w- c:\programdata\Microsoft Help
2009-11-08 17:41:28 0 d-----w- c:\windows\system32\appmgmt
2009-11-07 15:43:31 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-11-07 15:43:30 0 d-----w- c:\program files\Hamachi
2009-11-07 15:39:13 91136 ----a-r- c:\windows\system32\msls2.dll
2009-11-07 15:25:58 0 d-----w- c:\program files\Microsoft LifeCam
2009-11-07 15:24:55 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-11-07 14:16:46 0 d-----w- c:\program files\EA Games
2009-11-06 18:32:24 0 d-----w- c:\programdata\FLEXnet
2009-11-06 18:21:36 0 d-----w- c:\program files\common files\Macrovision Shared
2009-11-06 16:53:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-06 16:19:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-06 16:15:50 0 d-----w- c:\programdata\Adobe
2009-11-06 16:13:56 0 d-----w- c:\users\john\appdata\roaming\OpenOffice.org
2009-11-06 16:10:14 0 d-----w- c:\program files\OpenOffice.org 3
2009-11-05 18:49:31 0 d-----w- c:\windows\Panther
2009-11-05 17:39:28 0 d-----w- c:\program files\Yamicsoft
2009-11-05 16:58:33 0 d-----w- c:\program files\DAEMON Tools Toolbar
2009-11-05 16:56:58 0 d-----w- c:\program files\DAEMON Tools Lite
2009-11-05 16:56:50 0 d-----w- c:\users\john\appdata\roaming\DAEMON Tools Lite
2009-11-05 16:53:04 0 d-----w- c:\programdata\DAEMON Tools Lite
2009-11-05 16:46:14 0 d-----w- c:\programdata\Messenger Plus!
2009-11-05 16:44:19 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-05 15:50:40 0 d-----r- c:\program files\Skype
2009-11-05 15:50:01 0 d-----w- c:\program files\Messenger Plus! Live
2009-11-05 15:34:05 175805385 ----a-w- c:\windows\MEMORY.DMP
2009-11-05 15:29:32 0 d-----w- c:\programdata\Skype
2009-11-05 14:35:52 0 --sh--r- C:\winx.ld
2009-11-05 14:04:20 0 d-----w- c:\program files\uTorrent
2009-11-05 14:04:10 0 d-----w- c:\users\john\appdata\roaming\uTorrent
2009-11-05 13:44:45 0 d-----w- c:\users\john\Tracing
2009-11-05 13:42:25 0 d-----w- c:\program files\Microsoft
2009-11-05 13:42:00 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-05 13:41:14 0 d-----w- c:\windows\PCHEALTH
2009-11-05 13:41:11 0 d-sh--w- c:\windows\Installer
2009-11-05 12:59:30 0 d-----w- c:\program files\common files\Windows Live
2009-11-05 12:49:41 705536 ----a-w- c:\windows\system32\cohelper.dll
2009-11-05 12:49:41 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-11-05 12:49:41 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-11-05 12:49:28 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-05 12:49:13 0 d-----w- c:\windows\system32\RTCOM
2009-11-05 12:49:13 0 d-----w- c:\program files\Realtek
2009-11-05 12:16:13 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-05 12:16:13 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-11-05 12:16:13 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-11-05 12:16:13 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-11-05 11:53:35 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-05 11:49:40 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-11-05 11:49:39 71168 ----a-w- c:\windows\system32\fontsub.dll
2009-11-05 11:49:39 507568 ----a-w- c:\windows\system32\winload.exe
2009-11-05 11:49:39 442920 ----a-w- c:\windows\system32\winresume.exe
2009-11-05 11:49:39 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-11-05 11:49:39 2613248 ----a-w- c:\windows\explorer.exe
2009-11-05 11:49:39 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-11-05 11:49:39 108544 ----a-w- c:\windows\system32\t2embed.dll
2009-11-05 11:49:38 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-05 11:46:02 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-11-05 11:26:57 0 d-----w- c:\program files\Mozilla Firefox 3.6 Beta 1
2009-11-05 11:24:42 717892 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-11-05 11:23:32 0 d-----w- c:\windows\system32\wbem\Performance
2009-11-05 11:15:43 0 d-sh--w- C:\Recovery
2009-11-05 10:53:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-05 09:35:48 0 d-sh--w- C:\Boot
2009-11-05 09:35:42 0 --sha-r- C:\Boot.ini.saved
2009-11-05 06:42:02 0 d--h--w- C:\$WINDOWS.~Q
2009-11-05 06:18:07 0 d--h--w- C:\$INPLACE.~TR
2009-11-04 19:28:44 8192 --sha-r- C:\BOOTSECT.BAK
2009-11-04 17:49:32 1502610 ----a-w- C:\G-202_2.0.2.5.zip
2009-11-04 17:46:50 1146184 ----a-w- C:\wlsetup-web.exe
2009-11-04 13:29:05 0 d--h--w- C:\ckis
2009-11-04 13:24:22 0 d-----w- C:\KIS_7_8_9_Keys
2009-11-04 10:54:54 308160 ----a-w- C:\avast_home_setup.exe
2009-11-04 10:52:00 0 d-----w- C:\VoD-
2009-10-30 12:04:27 0 d-----w- C:\VoD-Win
2009-10-26 14:54:56 0 d-----w- C:\vtr char gen
2009-10-25 11:57:24 0 d-----w- C:\HeroLab

==================== Find3M ====================

2032-02-10 16:55:18 41972 ----a-w- c:\windows\fonts\MEATHFF.TTF
2009-11-16 16:56:21 14512072 ----a-w- c:\windows\fonts\msjhbd.ttf
2009-11-05 11:32:11 871936 ----a-w- c:\windows\system32\drivers\WlanUZG.sys
2009-11-04 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:14:46.94 ===============


#8 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 17 November 2009 - 05:03 PM

Please open notepad, copy/paste the following text into the notepad window and save it as "run.bat" (use quotes):

@echo off
copy "C:\WINDOWS\mbr.exe" "%userprofile%\Desktop\mbr.exe"
del /Q %0

Double-click run.bat to run. A file called mbr.exe should be created on your Desktop. Please right-click this file and select Run As Administrator... to run it. A log called mbr.txt should be on your Desktop, please post it.

I see you have run ComboFix. Was it successful? If so, please post its log (C:\ComboFix.txt).

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.


#9 Laertes

Posted 18 November 2009 - 04:20 AM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Not actually run it, just downloaded it

#10 jpshortstuff

Posted 18 November 2009 - 04:30 AM

There are a few things in your GMER log that look a little suspicious. However, it's very hard to tell, because you have Daemon installed. Daemon uses Rootkit-like technology, which means it greatly interferes with Rootkit scans and makes it very hard to differentiate between Malware and legit stuff.

In light of this, I would be very grateful if you would consider removing Daemon Tools and any other CD emulators temporarily, then reboot your computer and post a new GMER log. Otherwise, it's very hard to see what's going on.


#11 Laertes

Posted 18 November 2009 - 04:54 AM

I've downloaded ComboFix but not run it

GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-18 10:53:14
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\John\AppData\Local\Temp\kxldypog.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E39AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E39104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E393F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E21634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E21898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E391DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E39958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E396F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E39F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E3A1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A52579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A76F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spom.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 9104DCA0 5 Bytes JMP 8661E1D8
.text peauth.sys 9A15AC9D 28 Bytes [1E, 76, 8A, 1D, 31, 60, 2E, ...]
.text peauth.sys 9A15ACC1 28 Bytes [1E, 76, 8A, 1D, 31, 60, 2E, ...]
PAGE peauth.sys 9A160E20 101 Bytes [26, DF, 2D, 79, 52, 43, 02, ...]
PAGE peauth.sys 9A16102C 102 Bytes [41, AB, F5, B4, 69, 8F, E2, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9EEED000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9EEED123 629 Bytes [85, EE, 9E, FE, 05, 34, 85, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 9EEED399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 9EEED3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B 9EEED4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8511C1F8
Device \Driver\00000715 -> \Driver\atapi \Device\Harddisk0\DR0 85EDE170

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF7 0x96 0x5E 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB1 0x50 0xEA 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0xC3 0x46 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x45 0xD9 0xB4 0x1A ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\75@DoneAddingCrawlSeeds 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon\xae 3\Check for Updates.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon\xae 3\Check for Updates.lnk 1

---- EOF - GMER 1.0.15 ----



#12 jpshortstuff

Posted 18 November 2009 - 07:58 AM

I've downloaded ComboFix but not run it

It's interesting you say that, because the DDS log shows clear signs that ComboFix has at least begun running:
2009-11-16 16:35:41 77312 ----a-w- c:\windows\MBR.exe
2009-11-16 16:35:40 98816 ----a-w- c:\windows\sed.exe
2009-11-16 16:35:40 260608 ----a-w- c:\windows\PEV.exe
2009-11-16 16:35:40 161792 ----a-w- c:\windows\SWREG.exe
2009-11-16 16:35:21 0 d-s---w- C:\ComboFix


Did you try running it and it failed by any chance? Are there any files in C:\ComboFix?

Your GMER log looks a lot clearer, but there are still some signs of a CD Emulator. Do you have any other CD Emulators or any other Daemon-related stuff installed?

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.
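
The inference in the reply above (tool binaries in c:\windows plus a C:\ComboFix directory, all stamped within seconds of each other) can be checked mechanically. This is an added example, not part of the original thread or of DDS or ComboFix; the line layout is inferred from the five lines quoted in the post, and `COMBOFIX_PATHS`, the function names and the two-minute window are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the five DDS file-listing lines quoted in the post,
# plus one unrelated line (constructed) to show that it is not flagged.
SAMPLE_DDS = r"""
2009-11-16 16:35:41 77312 ----a-w- c:\windows\MBR.exe
2009-11-16 16:35:40 98816 ----a-w- c:\windows\sed.exe
2009-11-16 16:35:40 260608 ----a-w- c:\windows\PEV.exe
2009-11-16 16:35:40 161792 ----a-w- c:\windows\SWREG.exe
2009-11-16 16:35:21 0 d-s---w- C:\ComboFix
2009-11-15 09:12:03 4096 ----a-w- c:\windows\example.dll
"""

# Paths taken from the post; treating them as ComboFix leftovers is the
# helper's reading of the log, not an official indicator list.
COMBOFIX_PATHS = {
    r"c:\windows\mbr.exe", r"c:\windows\sed.exe", r"c:\windows\pev.exe",
    r"c:\windows\swreg.exe", r"c:\combofix",
}

# Assumed layout: date time, size in bytes, 8-character attribute field, path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+)$")

def parse_dds_listing(text):
    """Yield (timestamp, size, attrs, path) for each file-listing line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, int(m.group(2)), m.group(3), m.group(4).strip()

def combofix_traces(text, window=timedelta(minutes=2)):
    """Return the matching entries and whether their timestamps fall in one short window."""
    hits = [e for e in parse_dds_listing(text) if e[3].lower() in COMBOFIX_PATHS]
    times = [e[0] for e in hits]
    burst = bool(hits) and max(times) - min(times) <= window
    return hits, burst

if __name__ == "__main__":
    hits, burst = combofix_traces(SAMPLE_DDS)
    for ts, size, attrs, path in hits:
        print(ts, attrs, path)
    print("timestamps in one short window:", burst)
```

A match only shows that the files exist with close timestamps; whether the run completed still has to be asked, as the helper does.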

#13 Laertes

Laertes

    Authentic Member

  • Authentic Member
  • 34 posts
  • Interests:Severe Weather, Paranormal Activity, Paganism, Computers, Reading, Gaming

Posted 18 November 2009 - 08:22 AM

I did run it and it failed, yes. My apologies. And in the dir, when I click it, it goes to a My Computer lookalike. No, no other CD emulators on my system.

Edited by Laertes, 18 November 2009 - 08:23 AM.


#14 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • 5,710 posts

Posted 18 November 2009 - 10:28 AM

Is ComboFix still on your Desktop? If not, don't worry, proceed to the next step. If it is, please do the following.

Click Start >> Run or hold the Windows key and hit R to open the Run box. Copy/paste the following into the Run box and hit Enter:
"%userprofile%\Desktop\ComboFix.exe" /uninstall


Next Step:
Please download ComboFix to your desktop from one of these locations. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
Link 3

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on Combo-Fix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please advise.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


#15 Laertes

Laertes

    Authentic Member

  • Authentic Member
  • 34 posts
  • Interests:Severe Weather, Paranormal Activity, Paganism, Computers, Reading, Gaming

Posted 18 November 2009 - 11:40 AM

ComboFix keeps crashing. I've left it for an hour and my PC blue-screens and restarts. It's done it twice now. lol
