
trojan.win32.Generic!BT


  • This topic is locked
35 replies to this topic

#1 Nerwign


Posted 05 January 2012 - 02:59 PM

This file is detected and removed by Ad-Aware, but after the reboot, it is always found again. I would really appreciate any help in permanently getting rid of it.

Ad-Aware was last updated 1/1/2012 0150.0669

Scanned with Ad-Aware, removed infected issues and did not reboot before running OTL. Please let me know if I have missed a step in what you need in order to help. Thank you kindly.

Sincerely,

Nerwign



OTL.Txt:

OTL logfile created on: 1/5/2012 5:50:06 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nerwign\Documents
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 41.84% Memory free
8.22 Gb Paging File | 5.53 Gb Available in Paging File | 67.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.63 Gb Total Space | 68.66 Gb Free Space | 15.17% Space Free | Partition Type: NTFS
Drive D: | 13.13 Gb Total Space | 1.81 Gb Free Space | 13.77% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive M: | 1.89 Gb Total Space | 0.18 Gb Free Space | 9.70% Space Free | Partition Type: FAT

Computer Name: NERWIGN-PC | User Name: Nerwign | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nerwign\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe ()
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Winamp\winampa.exe ()
PRC - C:\Windows\SysWOW64\PING.EXE (Microsoft Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Lavasoft\Ad-Aware\PrivacyClean.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Winamp\winampa.exe ()
MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (wsnm_usbctrl) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe (VMware, Inc.)
SRV:64bit: - (wsnm) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
SRV:64bit: - (VMAuthdService) -- C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe (VMware, Inc.)
SRV:64bit: - (ufad-ws60) -- C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-ufad.exe (VMware, Inc.)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (vmwvusb) -- C:\Windows\SysNative\Drivers\vmwvusb.sys ()
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys ()
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys ()
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys ()
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys ()
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys ()
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys ()
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys ()
DRV:64bit: - (vstor2-ws60) -- C:\Program Files\VMware\VMware View\Client\Local Mode\vstor2-ws60.sys (VMware, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (CAXHWBS3) -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys ()
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys ()
DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys ()
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) -- C:\Program Files (x86)\HP\DVDPlay\000.fcl (Cyberlink Corp.)
DRV - (PCD5SRVC{E2AF211B-86DA020A-05040000}) -- C:\Program Files (x86)\PC-Doctor for Windows\pcd5srvc_x64.pkms (PC-Doctor, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\Codex\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/21 06:53:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/13 12:59:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/13 12:59:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/13 12:59:22 | 000,000,000 | ---D | M]

[2008/12/10 06:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nerwign\AppData\Roaming\Mozilla\Extensions
[2011/02/28 18:36:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nerwign\AppData\Roaming\Mozilla\Firefox\Profiles\awaybks7.default\extensions
[2009/09/04 20:53:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nerwign\AppData\Roaming\Mozilla\Firefox\Profiles\awaybks7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/09 04:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/09 04:45:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2008/08/16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2008/08/16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008/08/16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2008/08/16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2011/12/23 01:47:58 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O1 - Hosts: 184.95.41.155 www.google-analytics.com.
O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.
O1 - Hosts: 184.95.41.155 www.statcounter.com.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware View\Client\Local Mode\hqtray.exe" File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files\VMware\VMware View\Client\Local Mode\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files\VMware\VMware View\Client\Local Mode\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware View\Client\Local Mode\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware View\Client\Local Mode\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.bestmark....ort/ScriptX.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcopho...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...7/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://alliantinsur...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...990/mcfscan.cab (McFreeScan Class)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcopho...veX_Control.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04B24052-B720-4B69-90A1-29885A84A3D4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nerwign\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nerwign\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30:64bit: - LSA: Security Packages - (wsauth) - C:\Windows\SysNative\wsauth.dll ()
O30 - LSA: Security Packages - (wsauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 05:49:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nerwign\Documents\OTL.exe
[2012/01/04 18:47:12 | 000,000,000 | ---D | C] -- C:\Users\Nerwign\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/04 18:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/04 18:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/04 18:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/04 18:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2011/12/29 19:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/29 19:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/29 19:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/29 19:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/22 18:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/22 18:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/12/21 23:02:19 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/18 22:17:51 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011/12/18 22:17:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011/12/18 22:17:50 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011/12/18 22:17:49 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011/12/18 22:17:48 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011/12/18 22:17:47 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011/12/18 22:17:46 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011/12/18 22:17:45 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011/12/18 22:17:43 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/12/18 22:17:43 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/12/18 22:17:41 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/12/18 22:17:41 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011/12/18 22:17:39 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/12/18 22:17:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011/12/18 22:17:37 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011/12/18 22:17:37 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/12/18 22:17:36 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011/12/18 22:17:35 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/12/18 22:17:35 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/12/18 22:17:34 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2011/12/18 22:17:34 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2011/12/18 22:17:33 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/12/18 22:17:32 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011/12/18 22:17:32 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/12/18 22:17:31 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011/12/18 22:17:30 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/12/18 22:17:30 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/12/18 22:17:30 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011/12/18 22:17:29 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/12/18 22:17:27 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011/12/18 22:17:27 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011/12/18 22:17:25 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011/12/18 22:17:25 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011/12/18 22:17:24 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/12/18 22:17:24 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/12/18 22:17:23 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/12/18 22:17:23 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/12/18 22:17:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011/12/18 22:17:22 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/12/18 22:17:21 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011/12/18 22:17:21 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011/12/18 22:17:20 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011/12/18 22:17:19 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011/12/18 22:17:18 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011/12/18 22:17:18 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011/12/18 22:17:18 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011/12/18 22:17:17 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011/12/18 22:17:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011/12/18 22:17:16 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011/12/18 22:17:16 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011/12/18 22:17:16 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011/12/18 22:17:15 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011/12/18 22:17:14 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011/12/18 22:17:10 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011/12/18 22:17:10 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011/12/18 22:17:09 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011/12/18 22:17:08 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011/12/18 22:17:07 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011/12/18 22:17:07 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011/12/18 22:17:06 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011/12/18 22:17:05 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011/12/18 22:17:05 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011/12/18 22:17:04 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011/12/18 22:17:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011/12/18 22:17:03 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011/12/18 22:17:02 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011/12/18 22:16:58 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011/12/18 22:16:57 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011/12/18 22:16:57 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011/12/18 22:16:56 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011/12/18 22:16:56 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011/12/18 22:16:55 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011/12/18 22:16:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/12/18 22:16:54 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011/12/18 22:16:53 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011/12/18 22:16:53 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011/12/18 22:16:53 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011/12/18 22:16:52 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011/12/18 22:16:51 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011/12/18 22:16:50 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/12/18 22:16:48 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/12/18 22:16:47 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011/12/18 22:16:44 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/12/18 22:16:43 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011/12/18 22:16:43 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011/12/18 22:16:42 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011/12/18 22:16:42 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011/12/18 22:16:39 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011/12/18 22:16:38 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011/12/18 22:16:37 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011/12/18 22:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2011/12/18 22:05:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/10/02 12:12:21 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/05 05:49:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nerwign\Documents\OTL.exe
[2012/01/05 05:44:47 | 000,000,160 | -H-- | M] () -- C:\aaw7boot.cmd
[2012/01/05 05:42:05 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 05:42:05 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 04:56:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/05 03:56:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/04 23:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/01/04 23:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/01/04 22:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/01/04 22:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/01/04 22:01:17 | 000,695,108 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/04 22:01:17 | 000,598,130 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/04 22:01:17 | 000,102,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/04 21:54:37 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/01/04 21:53:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/01/04 21:53:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/01/04 21:53:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/04 21:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/01/04 21:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/01/04 20:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/01/04 20:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/01/04 18:46:53 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/03 18:30:14 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/01/03 18:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/01/03 18:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/01/03 17:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/01/03 17:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/01/03 17:26:10 | 000,000,406 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Nerwign.job
[2012/01/03 16:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/01/03 16:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/01/03 15:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/01/03 15:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/01/03 14:27:09 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/01/03 14:27:09 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/01/03 13:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/01/03 13:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/01/03 12:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/01/03 12:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/01/01 18:32:15 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/01 18:32:15 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/01 11:41:13 | 000,000,147 | ---- | M] () -- C:\Users\Nerwign\Desktop\rk-proxy.reg
[2012/01/01 11:39:57 | 001,008,141 | ---- | M] () -- C:\Users\Nerwign\Desktop\iExplore.exe
[2012/01/01 11:31:27 | 000,012,856 | -HS- | M] () -- C:\Users\Nerwign\AppData\Local\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8
[2012/01/01 11:31:27 | 000,012,856 | -HS- | M] () -- C:\ProgramData\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8
[2011/12/30 09:36:01 | 000,000,842 | ---- | M] () -- C:\Users\Nerwign\Desktop\mbam.exe - Shortcut.lnk
[2011/12/29 19:04:20 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/29 18:46:03 | 000,457,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/24 02:06:17 | 000,000,000 | ---- | M] () -- C:\ProgramData\0ns4R1.dat
[2011/12/23 01:47:58 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111230-093818.backup
[2011/12/23 01:47:58 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111229-224054.backup
[2011/12/23 01:47:58 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111224-093346.backup
[2011/12/23 01:47:58 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111224-091735.backup
[2011/12/23 01:47:58 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/22 18:25:26 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/12/22 18:22:43 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/22 06:26:02 | 012,407,296 | ---- | M] () -- C:\Users\Nerwign\Documents\Ad-Aware96Install.msi
[2011/12/17 09:49:27 | 000,186,368 | ---- | M] () -- C:\Users\Nerwign\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/12 10:07:32 | 000,069,376 | ---- | M] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/05 05:44:41 | 000,000,160 | -H-- | C] () -- C:\aaw7boot.cmd
[2012/01/04 21:53:33 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/01/04 18:46:53 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/01 11:41:13 | 000,000,147 | ---- | C] () -- C:\Users\Nerwign\Desktop\rk-proxy.reg
[2012/01/01 11:39:53 | 001,008,141 | ---- | C] () -- C:\Users\Nerwign\Desktop\iExplore.exe
[2012/01/01 11:20:09 | 000,012,856 | -HS- | C] () -- C:\Users\Nerwign\AppData\Local\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8
[2012/01/01 11:20:09 | 000,012,856 | -HS- | C] () -- C:\ProgramData\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8
[2011/12/30 09:36:01 | 000,000,842 | ---- | C] () -- C:\Users\Nerwign\Desktop\mbam.exe - Shortcut.lnk
[2011/12/29 19:04:20 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/24 02:06:17 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/24 02:06:17 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/24 02:06:17 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/24 02:06:17 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/24 02:06:17 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/24 02:06:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/24 02:06:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/12/24 02:06:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/12/24 02:06:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/24 02:06:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/12/24 02:06:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\0ns4R1.dat
[2011/12/24 02:06:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/24 02:06:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/24 02:06:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/24 02:06:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/24 02:06:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/24 02:06:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/24 02:06:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/24 02:06:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/12/24 02:06:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/12/24 02:06:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/12/24 02:06:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/12/24 02:06:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/12/24 02:06:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/12/24 02:06:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/22 22:50:02 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/12/22 18:22:43 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/22 18:22:42 | 000,069,376 | ---- | C] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/12/22 06:25:56 | 012,407,296 | ---- | C] () -- C:\Users\Nerwign\Documents\Ad-Aware96Install.msi
[2011/12/18 22:17:51 | 000,518,488 | ---- | C] () -- C:\Windows\SysNative\XAudio2_7.dll
[2011/12/18 22:17:51 | 000,077,656 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011/12/18 22:17:50 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_7.dll
[2011/12/18 22:17:49 | 002,526,056 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011/12/18 22:17:48 | 001,907,552 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_43.dll
[2011/12/18 22:17:47 | 000,276,832 | ---- | C] () -- C:\Windows\SysNative\d3dx11_43.dll
[2011/12/18 22:17:46 | 000,511,328 | ---- | C] () -- C:\Windows\SysNative\d3dx10_43.dll
[2011/12/18 22:17:45 | 002,401,112 | ---- | C] () -- C:\Windows\SysNative\D3DX9_43.dll
[2011/12/18 22:17:43 | 000,530,776 | ---- | C] () -- C:\Windows\SysNative\XAudio2_6.dll
[2011/12/18 22:17:43 | 000,078,680 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011/12/18 22:17:41 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_6.dll
[2011/12/18 22:17:41 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011/12/18 22:17:39 | 000,517,960 | ---- | C] () -- C:\Windows\SysNative\XAudio2_5.dll
[2011/12/18 22:17:38 | 000,176,968 | ---- | C] () -- C:\Windows\SysNative\xactengine3_5.dll
[2011/12/18 22:17:37 | 005,554,512 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_42.dll
[2011/12/18 22:17:37 | 002,582,888 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011/12/18 22:17:36 | 000,285,024 | ---- | C] () -- C:\Windows\SysNative\d3dx11_42.dll
[2011/12/18 22:17:35 | 002,475,352 | ---- | C] () -- C:\Windows\SysNative\D3DX9_42.dll
[2011/12/18 22:17:35 | 000,523,088 | ---- | C] () -- C:\Windows\SysNative\d3dx10_42.dll
[2011/12/18 22:17:34 | 002,430,312 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/12/18 22:17:34 | 000,520,544 | ---- | C] () -- C:\Windows\SysNative\d3dx10_41.dll
[2011/12/18 22:17:33 | 005,425,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_41.dll
[2011/12/18 22:17:32 | 000,521,560 | ---- | C] () -- C:\Windows\SysNative\XAudio2_4.dll
[2011/12/18 22:17:32 | 000,073,544 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011/12/18 22:17:31 | 000,174,936 | ---- | C] () -- C:\Windows\SysNative\xactengine3_4.dll
[2011/12/18 22:17:30 | 002,605,920 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011/12/18 22:17:30 | 000,519,000 | ---- | C] () -- C:\Windows\SysNative\d3dx10_40.dll
[2011/12/18 22:17:30 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011/12/18 22:17:29 | 005,631,312 | ---- | C] () -- C:\Windows\SysNative\D3DX9_40.dll
[2011/12/18 22:17:27 | 000,518,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_3.dll
[2011/12/18 22:17:27 | 000,074,576 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011/12/18 22:17:25 | 000,175,440 | ---- | C] () -- C:\Windows\SysNative\xactengine3_3.dll
[2011/12/18 22:17:25 | 000,025,936 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011/12/18 22:17:24 | 000,513,544 | ---- | C] () -- C:\Windows\SysNative\XAudio2_2.dll
[2011/12/18 22:17:24 | 000,072,200 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011/12/18 22:17:23 | 001,942,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/12/18 22:17:23 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_39.dll
[2011/12/18 22:17:23 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_2.dll
[2011/12/18 22:17:22 | 004,992,520 | ---- | C] () -- C:\Windows\SysNative\D3DX9_39.dll
[2011/12/18 22:17:21 | 000,511,496 | ---- | C] () -- C:\Windows\SysNative\XAudio2_1.dll
[2011/12/18 22:17:21 | 000,068,104 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011/12/18 22:17:20 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_1.dll
[2011/12/18 22:17:19 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011/12/18 22:17:18 | 004,991,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_38.dll
[2011/12/18 22:17:18 | 001,941,528 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011/12/18 22:17:18 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_38.dll
[2011/12/18 22:17:17 | 000,489,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_0.dll
[2011/12/18 22:17:17 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_0.dll
[2011/12/18 22:17:16 | 001,860,120 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011/12/18 22:17:16 | 000,529,424 | ---- | C] () -- C:\Windows\SysNative\d3dx10_37.dll
[2011/12/18 22:17:16 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011/12/18 22:17:15 | 004,910,088 | ---- | C] () -- C:\Windows\SysNative\D3DX9_37.dll
[2011/12/18 22:17:14 | 000,411,656 | ---- | C] () -- C:\Windows\SysNative\xactengine2_10.dll
[2011/12/18 22:17:10 | 002,006,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011/12/18 22:17:10 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_36.dll
[2011/12/18 22:17:09 | 005,081,608 | ---- | C] () -- C:\Windows\SysNative\d3dx9_36.dll
[2011/12/18 22:17:08 | 000,411,496 | ---- | C] () -- C:\Windows\SysNative\xactengine2_9.dll
[2011/12/18 22:17:07 | 001,985,904 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011/12/18 22:17:07 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_35.dll
[2011/12/18 22:17:06 | 005,073,256 | ---- | C] () -- C:\Windows\SysNative\d3dx9_35.dll
[2011/12/18 22:17:05 | 000,409,960 | ---- | C] () -- C:\Windows\SysNative\xactengine2_8.dll
[2011/12/18 22:17:05 | 000,021,000 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011/12/18 22:17:04 | 001,401,200 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011/12/18 22:17:04 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_34.dll
[2011/12/18 22:17:03 | 004,496,232 | ---- | C] () -- C:\Windows\SysNative\d3dx9_34.dll
[2011/12/18 22:17:02 | 000,107,368 | ---- | C] () -- C:\Windows\SysNative\xinput1_3.dll
[2011/12/18 22:16:58 | 000,403,304 | ---- | C] () -- C:\Windows\SysNative\xactengine2_7.dll
[2011/12/18 22:16:57 | 001,400,176 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011/12/18 22:16:57 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_33.dll
[2011/12/18 22:16:56 | 004,494,184 | ---- | C] () -- C:\Windows\SysNative\d3dx9_33.dll
[2011/12/18 22:16:56 | 000,393,576 | ---- | C] () -- C:\Windows\SysNative\xactengine2_6.dll
[2011/12/18 22:16:55 | 000,390,424 | ---- | C] () -- C:\Windows\SysNative\xactengine2_5.dll
[2011/12/18 22:16:54 | 004,398,360 | ---- | C] () -- C:\Windows\SysNative\d3dx9_32.dll
[2011/12/18 22:16:54 | 000,469,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10.dll
[2011/12/18 22:16:53 | 003,977,496 | ---- | C] () -- C:\Windows\SysNative\d3dx9_31.dll
[2011/12/18 22:16:53 | 000,364,824 | ---- | C] () -- C:\Windows\SysNative\xactengine2_4.dll
[2011/12/18 22:16:53 | 000,017,688 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_1.dll
[2011/12/18 22:16:52 | 000,363,288 | ---- | C] () -- C:\Windows\SysNative\xactengine2_3.dll
[2011/12/18 22:16:51 | 000,083,736 | ---- | C] () -- C:\Windows\SysNative\xinput1_2.dll
[2011/12/18 22:16:50 | 000,354,072 | ---- | C] () -- C:\Windows\SysNative\xactengine2_2.dll
[2011/12/18 22:16:48 | 000,083,664 | ---- | C] () -- C:\Windows\SysNative\xinput1_1.dll
[2011/12/18 22:16:47 | 000,352,464 | ---- | C] () -- C:\Windows\SysNative\xactengine2_1.dll
[2011/12/18 22:16:44 | 003,927,248 | ---- | C] () -- C:\Windows\SysNative\d3dx9_30.dll
[2011/12/18 22:16:43 | 000,355,536 | ---- | C] () -- C:\Windows\SysNative\xactengine2_0.dll
[2011/12/18 22:16:43 | 000,016,592 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_0.dll
[2011/12/18 22:16:42 | 003,830,992 | ---- | C] () -- C:\Windows\SysNative\d3dx9_29.dll
[2011/12/18 22:16:42 | 003,815,120 | ---- | C] () -- C:\Windows\SysNative\d3dx9_28.dll
[2011/12/18 22:16:41 | 003,807,440 | ---- | C] () -- C:\Windows\SysNative\d3dx9_27.dll
[2011/12/18 22:16:39 | 003,767,504 | ---- | C] () -- C:\Windows\SysNative\d3dx9_26.dll
[2011/12/18 22:16:38 | 003,823,312 | ---- | C] () -- C:\Windows\SysNative\d3dx9_25.dll
[2011/12/18 22:16:37 | 003,544,272 | ---- | C] () -- C:\Windows\SysNative\d3dx9_24.dll
[2011/10/02 12:12:23 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/10/02 12:12:22 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/10/02 12:12:20 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/02 12:12:20 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/02 12:12:20 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/04/26 21:40:12 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/26 21:40:12 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/05 05:42:34 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/24 07:52:47 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2010/12/24 07:44:14 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2010/12/24 07:44:14 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv
[2010/11/05 04:54:47 | 000,199,372 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2009/07/10 04:51:10 | 000,000,680 | ---- | C] () -- C:\Users\Nerwign\AppData\Local\d3d9caps.dat
[2008/11/06 18:58:02 | 000,000,560 | ---- | C] () -- C:\Users\Nerwign\AppData\Roaming\wklnhst.dat
[2008/10/31 05:26:40 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2008/10/31 05:23:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/10/30 05:02:45 | 000,000,000 | ---- | C] () -- C:\Windows\winfile.ini
[2008/10/29 17:30:47 | 000,186,368 | ---- | C] () -- C:\Users\Nerwign\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/28 03:40:53 | 000,107,384 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/28 03:12:27 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/08/28 03:12:27 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 18:49:13 | 000,100,043 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2006/11/02 07:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 04:26:55 | 000,018,271 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2006/11/02 04:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 04:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 01:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2001/07/15 16:48:32 | 000,170,585 | ---- | C] () -- C:\Windows\SysWow64\MCPrintX.dll

========== LOP Check ==========

[2010/12/14 05:59:53 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\Amazon
[2010/05/23 05:58:03 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\Chiu Software Systems
[2011/10/21 17:21:04 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\CoreFTP
[2010/07/06 18:52:50 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\Dropbox
[2011/12/20 06:12:03 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\FileZilla
[2010/05/23 12:50:22 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\Filter Forge
[2009/01/21 05:47:15 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\ICAClient
[2009/06/18 04:53:25 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\MyPublisher
[2009/08/08 07:11:27 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\NCH Swift Sound
[2010/12/24 07:52:47 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\pdf995
[2008/11/06 18:58:04 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\Template
[2011/06/11 21:49:59 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\uTorrent
[2010/02/03 15:06:53 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\webex
[2008/10/29 18:53:54 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\WinBatch
[2012/01/04 21:54:37 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012/01/03 12:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2012/01/03 12:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2012/01/03 13:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2012/01/03 13:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2012/01/03 14:27:09 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2012/01/03 14:27:09 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2012/01/03 15:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2012/01/03 15:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2012/01/03 16:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2012/01/03 16:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2012/01/03 17:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2012/01/03 17:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2012/01/03 18:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2012/01/03 18:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2012/01/04 21:53:04 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2012/01/04 21:53:04 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2012/01/04 20:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2012/01/04 20:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2012/01/04 21:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2012/01/04 21:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2012/01/04 22:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2012/01/04 22:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2012/01/04 23:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2012/01/04 23:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2012/01/04 21:51:50 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/20 17:55:46 | 000,000,396 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{19854172-812A-4FBD-8E6E-4F3966C76351}.job

========== Purity Check ==========

< End of report >

Extras.Txt:

OTL Extras logfile created on: 1/5/2012 5:50:06 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nerwign\Documents
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 41.84% Memory free
8.22 Gb Paging File | 5.53 Gb Available in Paging File | 67.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.63 Gb Total Space | 68.66 Gb Free Space | 15.17% Space Free | Partition Type: NTFS
Drive D: | 13.13 Gb Total Space | 1.81 Gb Free Space | 13.77% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive M: | 1.89 Gb Total Space | 0.18 Gb Free Space | 9.70% Space Free | Partition Type: FAT

Computer Name: NERWIGN-PC | User Name: Nerwign | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23AB12E9-C364-41E5-B866-D1F385966888}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{259A6A70-0C6F-42E6-87ED-529F060B68E0}" = rport=138 | protocol=17 | dir=out | app=system |
"{39357507-4BFD-4B58-BFB7-BC15E8855D30}" = lport=137 | protocol=17 | dir=in | app=system |
"{4A3D6E84-5252-4494-ABC9-D890D500554E}" = lport=138 | protocol=17 | dir=in | app=system |
"{7F039743-0243-426A-803B-84215B608402}" = rport=139 | protocol=6 | dir=out | app=system |
"{8D00D883-904F-4244-99A8-2B935F407282}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A2845371-95C6-4318-849B-6E3504860A9E}" = rport=445 | protocol=6 | dir=out | app=system |
"{C6D5D23E-5905-43C5-9B95-6C55ECAE323A}" = rport=137 | protocol=17 | dir=out | app=system |
"{F7BEF8C4-3123-434D-822F-D11EB42C7272}" = lport=139 | protocol=6 | dir=in | app=system |
"{F99D7435-B2D2-46FE-A8F6-9DB65690C40A}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012A8889-D530-47C2-9026-2B7C3017442C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0360E747-D9E6-4EE7-B899-A85AB19577B0}" = dir=in | app=c:\program files (x86)\hp\dvdplay\dvdplay.exe |
"{06CDDF1A-16AF-47E3-852F-493FC6FD38BC}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{10E4FA2A-852B-4AFB-A8DF-0C5166FE68A7}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\local mode\vmware-authd.exe |
"{1B1330CC-5E89-45C9-A2E7-177059B7691C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1CDCC53B-ACF4-47A5-96CE-877B5F5DA1BA}" = protocol=17 | dir=in | app=c:\users\nerwign\appdata\roaming\dropbox\bin\dropbox.exe |
"{1E769ED1-2B21-4662-98CE-A60122B17ADD}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\local mode\vmware-authd.exe |
"{2221A539-196F-4CB8-9878-E903D402E1F4}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{32FFC9FB-ED1E-4300-991A-2F0686A1E814}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{3BC87B70-88BF-438A-868B-F56239713AAC}" = protocol=6 | dir=in | app=c:\users\nerwign\appdata\roaming\dropbox\bin\dropbox.exe |
"{4D074988-F7B8-431E-BD19-E6B0CAF6C60C}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{4F172553-44F4-4D33-8677-4627856F3499}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5379142B-184F-4FA0-BA3D-E366F2553CDD}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\local mode\vmware-authd.exe |
"{57565AC4-C030-47F5-AB5E-4E6AA78A7A97}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{575AE5EA-19EB-4C49-9BF7-D01BB2DF7850}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{58065429-3DF7-4E0D-A933-0E826F9727EF}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\local mode\vmware-authd.exe |
"{59EFBF25-B500-4B0E-BF52-557089902E82}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5A4D3501-A9BD-42AD-B6FF-2807500B4548}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{5CEAFC12-4031-44F8-8B42-A3C058F120EF}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{5D00C60D-C651-46D0-BE91-A6D7D614BEC6}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{5EFE3AF1-1A74-4197-8CFB-276A3DDB2D59}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{69C789E2-AB63-4C15-976A-8DE8ABDA17A9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6CFAF21B-12E6-4B59-B472-703E24B8D80C}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{6D7687C5-CF70-4BC7-BB65-618371EC3F84}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{6E4DD121-FA6B-4F5C-976C-8C5C7A618189}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\local mode\vmware-authd.exe |
"{7E98EF0E-F7DE-430E-8EAB-A5D0ECEDB91F}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{8D4CD39A-70C7-4B19-A1AF-E7AE5E678869}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9F905BB6-3878-4591-B71D-34D46E8339E1}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{9FBE247D-596B-47B6-8708-A6ADF7A0BC96}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{A064AFCB-005E-45E8-BED3-3670C5D02317}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A84384AA-2EB7-4687-9452-637796F5F07B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A8B5A5B5-EFEC-4DE0-9323-FC6C5EDAB7BF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B6277F51-54C4-4703-A2C5-A34F6EBC2DE4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BAD0385E-4F26-49E0-94DD-672019A75436}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{BBA71DF3-8F9C-437B-959D-9E015E082443}" = dir=in | app=c:\program files (x86)\hp\dvdplay\dpservice.exe |
"{C0B2B367-FC11-4FA7-AF6A-CC476B33879B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA55ED8E-8006-4364-8CDC-4DB978A9D5ED}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D0124419-4D0E-4E30-BA14-B64A1E4A629B}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\local mode\vmware-authd.exe |
"{DB3493D2-EB37-4C9A-83F2-CD67FB418C73}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E4E00BD3-C1B0-4BEB-B8A5-0432E9B4F16C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{49F94261-4419-47E8-8A5E-1B84506A1681}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{8950AB3D-E97B-478D-9F6D-2E89CF076E22}C:\program files (x86)\world of warcraft\wow-2.3.0-enus-downloader (2).exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.0-enus-downloader (2).exe |
"TCP Query User{C3DAFE99-A6CD-4F2D-9A6D-A67A73842A6C}C:\users\nerwign\appdata\local\microsoft\windows\temporary internet files\content.ie5\p3m2cdzk\wow-burningcrusade-trial-enus-installer-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\nerwign\appdata\local\microsoft\windows\temporary internet files\content.ie5\p3m2cdzk\wow-burningcrusade-trial-enus-installer-downloader[1].exe |
"TCP Query User{E385F5A6-35BD-48F3-A1D5-4ABDF1257719}C:\users\nerwign\appdata\local\microsoft\windows\temporary internet files\content.ie5\i2bv6jwj\wowclient-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\nerwign\appdata\local\microsoft\windows\temporary internet files\content.ie5\i2bv6jwj\wowclient-downloader[1].exe |
"UDP Query User{234E7C43-3816-4CC8-B33D-5142171A4E75}C:\users\nerwign\appdata\local\microsoft\windows\temporary internet files\content.ie5\p3m2cdzk\wow-burningcrusade-trial-enus-installer-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\nerwign\appdata\local\microsoft\windows\temporary internet files\content.ie5\p3m2cdzk\wow-burningcrusade-trial-enus-installer-downloader[1].exe |
"UDP Query User{2E24E170-02C6-404D-B69E-557AF537012B}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{65BA3FB9-0D1C-4BDE-9B2C-17DEF63DEF87}C:\program files (x86)\world of warcraft\wow-2.3.0-enus-downloader (2).exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.0-enus-downloader (2).exe |
"UDP Query User{756A5876-ADE5-4F31-8379-9BDA879618E5}C:\users\nerwign\appdata\local\microsoft\windows\temporary internet files\content.ie5\i2bv6jwj\wowclient-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\nerwign\appdata\local\microsoft\windows\temporary internet files\content.ie5\i2bv6jwj\wowclient-downloader[1].exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{98220C1E-4A8F-4EEC-9CE4-942DB10B27BD}" = VMware View Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"OfficeTrial" = Microsoft Office Home and Student 60 day trial

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play BD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{97BD5533-8B5B-42FA-ADAE-A6F8DB997D7C}" = Ad-Aware
"{9915F060-19D4-11D4-A682-00105AA6FA07}" = D&D Character Generator Demo
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B86688D9-0F85-458B-AFB1-5B3B4C8CE541}" = Opcion Font Viewer
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Audacity_is1" = Audacity 1.2.6
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"CDex" = CDex extraction audio
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Core FTP LE 1.3c" = Core FTP LE 1.3c
"DivX Setup" = DivX Setup
"ExpressRip" = Express Rip
"File Writer output plugin" = File Writer output plugin for WinAMP 2 v1.17© (remove only)
"FileZilla Client" = FileZilla Client 3.5.2
"Filter Forge_is1" = Filter Forge 1.017
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Matroska Pack" = Matroska Pack
"MatroskaProp" = MatroskaProp (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"MyPublisher" = MyPublisher
"NSS" = Norton Security Scan
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Pdf995" = Pdf995
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"sp44626" = sp44626
"Switch" = Switch Sound File Converter
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WavePad" = WavePad Sound Editor
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"World of Warcraft" = World of Warcraft
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/30/2011 2:17:31 AM | Computer Name = Nerwign-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 46785

Error - 12/30/2011 2:17:31 AM | Computer Name = Nerwign-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 46785

Error - 12/30/2011 2:39:22 AM | Computer Name = Nerwign-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/30/2011 1:23:51 PM | Computer Name = Nerwign-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/30/2011 1:41:49 PM | Computer Name = Nerwign-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp
0x4de07b1b, faulting module swg.dll_unloaded, version 0.0.0.0, time stamp 0x4e9e0abd,
exception code 0xc0000005, fault offset 0x72f9b022, process id 0x1318, application
start time 0x01ccc71a4ba1e2ed.

Error - 12/30/2011 9:56:32 PM | Computer Name = Nerwign-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/31/2011 3:43:11 AM | Computer Name = Nerwign-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/31/2011 2:08:37 PM | Computer Name = Nerwign-PC | Source = PC-Doctor | ID = 1
Description =

Error - 12/31/2011 2:45:21 PM | Computer Name = Nerwign-PC | Source = Application Hang | ID = 1002
Description = The program pcdr5cuiw32.exe version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 142c Start Time: 01ccc7e60630d1d0 Termination Time: 6

Error - 1/1/2012 1:57:27 AM | Computer Name = Nerwign-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 1/4/2012 8:28:21 AM | Computer Name = Nerwign-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.6 for the Network Card with network
address 00221582507F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/4/2012 8:48:28 AM | Computer Name = Nerwign-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.7 for the Network Card with network
address 00221582507F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/4/2012 9:09:01 AM | Computer Name = Nerwign-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.8 for the Network Card with network
address 00221582507F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/4/2012 9:29:09 AM | Computer Name = Nerwign-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.9 for the Network Card with network
address 00221582507F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/4/2012 10:33:36 PM | Computer Name = Nerwign-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.6 for the Network Card with network
address 00221582507F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/5/2012 1:53:05 AM | Computer Name = Nerwign-PC | Source = HTTP | ID = 15016
Description =

Error - 1/5/2012 1:53:33 AM | Computer Name = Nerwign-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/5/2012 1:53:33 AM | Computer Name = Nerwign-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/5/2012 1:53:33 AM | Computer Name = Nerwign-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/5/2012 1:53:33 AM | Computer Name = Nerwign-PC | Source = Service Control Manager | ID = 7003
Description =


< End of report >

#2 Blade81 (Advanced Member, Volunteer Security Advisor, 6582 posts)

Posted 05 January 2012 - 10:06 PM

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double-click the DDS file to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#3 Nerwign (Member, 18 posts)

Posted 07 January 2012 - 03:17 AM

Here are the two files. I did not zip Attach.txt as you did not request me to - I hope this is alright.

Thank you so much for your help!

~Nerwign


#4 Blade81 (Advanced Member, Volunteer Security Advisor, 6582 posts)

Posted 07 January 2012 - 11:42 AM

Hello,
uTorrent

The programs listed above are P2P file-sharing programs. P2P downloads are nowadays one of the things most likely to bring an infection into the system. My recommendation is to uninstall these (and others, if present) P2P file-sharing programs.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

#5 Nerwign (Member, 18 posts)

Posted 07 January 2012 - 05:51 PM

I got a little lost while following your instructions. Not your fault - I got so involved reading the tutorial for using ComboFix that I forgot to uninstall uTorrent before running it.

So to summarize:
1) I downloaded and ran ComboFix per instructions
*Note - while I followed the instructions for how to disable all blockers, ComboFix told me AdAware was still running, despite multiple efforts on my part to turn it off.
2) I realized I had not uninstalled uTorrent. I uninstalled uTorrent
3) I ran ComboFix again (getting the same AdAware warnings/issues)
4) I ran DDS.com again

Attached are log.txt from combofix and dds.txt from DDS. Please let me know if there is something I need to do differently. Thank you so much for your help!

Attached Files

  • Attached File  log.txt   18.79KB   137 downloads
  • Attached File  DDS.txt   17.69KB   147 downloads


#6 Blade81

Posted 07 January 2012 - 06:14 PM

Hi,

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check all boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#7 Nerwign

Posted 07 January 2012 - 08:51 PM

Thank you for your help. Here is the file you requested.

Attached Files

  • Attached File  FSS.txt   4.76KB   201 downloads


#8 Blade81

Posted 08 January 2012 - 10:43 AM

Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\etc\HOSTS
RegNull::
[HKEY_USERS\S-1-5-21-456595718-3152782387-4258940814-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EE02869A-F7AE-1AFA-02C5-BF9C13D5DC8F}*]


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and separate 10.1.1 update for it) here or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.


Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 7 Update 2.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.


Post back its report, fresh dds logs (after a reboot) and above mentioned ComboFix resultant log.

#9 Nerwign

Posted 08 January 2012 - 07:07 PM

I uninstalled Java, Adobe Reader and Adobe Flash.

I downloaded and installed new Java, Adobe Reader (including update) and Adobe Flash.

I combined CFScript with ComboFix.

I rebooted.

I ran ComboFix (log file attached). ComboFix again complained that AdAware was running, though there is no indication to me that this is true. There is no system tray icon and I did not start the program myself. Also ComboFix stated that there was a newer version and asked me if I would like to update. I said no.

I ran DDS.com (DDS log file attached).

I ran ESET online scan. It did not generate a lot on its own but allowed me to save a list of the issues found, as a txt file. I have attached that also.


#10 Blade81

Posted 08 January 2012 - 07:17 PM

Hi,

ComboFix log indicates that the tool wasn't run with CFScript.txt file. How did you run it?

#11 Nerwign

Posted 08 January 2012 - 11:44 PM

I copied the text you included, opened Notepad and pasted the text. I checked to make sure it was all there and saved it on my desktop as CFScript.txt. I then dragged and dropped CFScript.txt onto the ComboFix icon. A small window popped up. It had a black background and green text scrolled by.

I do not recall beyond that.

How should I make sure it is done correctly and what is my next step? Thank you so much!

Sincerely,

Nerwign

#12 Blade81

Posted 09 January 2012 - 06:55 AM

Hi,

Please ensure the CFScript.txt contents are as guided above. Then redo the ComboFix run with the script (allow the tool to update itself).

#13 Nerwign

Posted 09 January 2012 - 03:05 PM

I checked the contents of CFScript (copied your text and pasted it in again). I then dragged the CFScript onto ComboFix. The black popup with green text came up again.

When it was done I ran ComboFix again. I did not watch it run. In the morning, when it was done, I noticed that CFScript.txt is no longer on my desktop. I hope this is OK.

Here is the log.txt.

Sincerely,

Nerwign

Attached Files

  • Attached File  log.txt   19.82KB   217 downloads


#14 Blade81

Posted 09 January 2012 - 05:13 PM

Good. Reboot and post fresh dds logs. Then see if you're able to access firewall settings in Security Center (in Control Panel) without any issues.

#15 Nerwign

Posted 10 January 2012 - 03:11 PM

Here is the DDS.txt file, but I do not know what you want me to do with firewall settings.

Though I have some computer literacy, I am a complete noob when it comes to network settings. I am on a home network that is usually controlled by the other computer.

~Nerwign


#16 Blade81

Posted 10 January 2012 - 03:25 PM

Hi,

Just see if you're able to access Windows Firewall settings without any errors. Also, try to re-enable Windows Defender.

Report back and we'll continue after that.

#17 Nerwign

Posted 11 January 2012 - 03:39 AM

I am not sure what steps I should be using to try to access my firewall settings. I went in and tried to turn on the firewall. It said that it could not. I tried to click the option for manual settings. Then I clicked on "Update Settings Now" but nothing seemed to happen when I clicked that.

I went into the Windows Defender and just clicking on that from the left-hand menu brought up an error.

I have attached jpg images. Please let me know if I should attach something else and/or what I should do now?


Thank you so much for your help!

~Nerwign

Attached Thumbnails

  • Defender01-10-2012.jpg
  • Firewall01-10-2012.jpg


#18 Blade81

Posted 11 January 2012 - 09:02 AM

Hi,

Please download and run this tool. Then check firewall enabling again.

#19 Nerwign

Posted 11 January 2012 - 03:41 PM

I tried to run the tool but it gave me an error, saying the tool did not apply to me.

#20 Blade81

Posted 11 January 2012 - 05:17 PM

Hi,

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@ECHO OFF
SWREG QUERY "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE" /s >"%userprofile%\desktop\Logit.txt"
DEL %0

Right-click on the fixes.bat file and select run as administrator to execute it. A black window will open and close. After that, the Logit.txt file should exist on the desktop. Attach it to your post (or let me know if the file didn't appear).
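
An added example, not part of the original post or of any tool named in this thread: a read-only PowerShell check of the same BFE service key that the batch file dumps, plus MpsSvc (the Windows Firewall service, which depends on BFE), flagging the kinds of damage that keep the firewall from starting. The expected ServiceDll file names are assumed stock-Windows defaults, and the function name Test-ServiceKey is hypothetical.

```powershell
# Added example: read-only check of the service keys Windows Firewall relies on.
# Run from an elevated PowerShell prompt. Nothing is written to the registry.

# Assumption: stock-Windows ServiceDll file names for each service.
$expected = @{
    'BFE'    = 'bfe.dll'      # Base Filtering Engine (the key the batch file dumps)
    'MpsSvc' = 'mpssvc.dll'   # Windows Firewall service, which depends on BFE
}

# Hypothetical helper: emits one finding string per problem under a service key.
function Test-ServiceKey {
    param([string]$Name, [string]$ExpectedDll)

    $base = "HKLM:\SYSTEM\CurrentControlSet\services\$Name"
    if (-not (Test-Path $base)) {
        "$Name : service key is missing"
        return
    }

    $svc = Get-ItemProperty -Path $base
    if (-not $svc.ImagePath) { "$Name : ImagePath value is missing or empty" }
    if ($null -eq $svc.Start) {
        "$Name : Start value is missing"
    } elseif ($svc.Start -eq 4) {
        "$Name : Start is 4 (Disabled)"
    }

    # svchost-hosted services name their DLL under Parameters\ServiceDll.
    $dll = $null
    if (Test-Path "$base\Parameters") {
        $dll = (Get-ItemProperty -Path "$base\Parameters").ServiceDll
    }
    if (-not $dll) {
        "$Name : Parameters\ServiceDll is missing"
    } elseif ($dll -notlike "*\$ExpectedDll") {
        "$Name : unexpected ServiceDll '$dll'"
    }
}

# Collect findings for both services and print them, or a clean result.
$findings = @(foreach ($name in $expected.Keys) {
    Test-ServiceKey -Name $name -ExpectedDll $expected[$name]
})
if ($findings.Count -gt 0) { $findings } else { 'BFE and MpsSvc service keys look intact' }
```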
