
Alpha Online Scan / Attack Ware

Discussion in 'Virus & Other Malware Removal' started by RrK-e-Typ, Nov 14, 2009.

Thread Status:
Not open for further replies.
  1. RrK-e-Typ

    RrK-e-Typ Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    78
    I was browsing the web recently and came across a new and persistent rogue antivirus. It is called Alpha Online Scan. I was first attacked by it while googling for Alex Jones Videos. It is listed as an attack site by Firefox, and when I try to go to the site on my own it is blocked. Somehow it has popped up twice by hijacking a browser. The link is listed below. I have been successful in preventing its installation up to this point, but I fear that my son, who is nine, may be using my computer and allow this thing to install. I will return to post an HJT log to determine if there is something serving this page from my system. Thanks for any help.

    http://goodantispy2.com/2/?sess==GQ02jTwNy01JmlwPTE2Ni4yMTcuMTIuMjQ4JnRpbWU9MTI1NTkwOY0MaQ=O

    http://win-antispy2.com/2/?sess==GQx5jDxOC0xJmlwPTE2Ni4yMTcuOTYuMTU3JnRpbWU9MTI1NTEwNY0MaQ=N
     
  2. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello again RrK-e-Typ,

    You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

    If you do not have Malwarebytes please download from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Next
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    So when you return please post
    • MBAM log
    • the two OTL logs - OTL.txt and Extras.txt



    Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)
     
  3. RrK-e-Typ

    RrK-e-Typ Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    78
    Hello Emerald, thanks for taking a look at my post. Here is the MBAM logfile of the scan:

    Malwarebytes' Anti-Malware 1.41
    Database version: 3173
    Windows 6.0.6001 Service Pack 1

    11/15/2009 5:37:33 PM
    mbam-log-2009-11-15 (17-37-33).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 320665
    Time elapsed: 56 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  4. RrK-e-Typ

    RrK-e-Typ Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    78
    Here are the OTL log files:

    OTL logfile created on: 11/15/2009 3:19:40 AM - Run 1
    OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Lchmst\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 68.89% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 285.04 Gb Total Space | 103.68 Gb Free Space | 36.37% Space Free | Partition Type: NTFS
    Drive D: | 13.05 Gb Total Space | 1.71 Gb Free Space | 13.09% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 931.28 Gb Total Space | 398.41 Gb Free Space | 42.78% Space Free | Partition Type: FAT32
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LCHMST-PC
    Current User Name: Lchmst
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Lchmst\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Lchmst\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
    PRC - C:\Users\Lchmst\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
    PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe (Yahoo! Inc.)
    PRC - C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe (Yahoo! Inc.)
    PRC - C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe (Yahoo! Inc.)
    PRC - C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe (Yahoo! Inc.)
    PRC - C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe (Yahoo! Inc.)
    PRC - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe (ATT)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe (PCTEL)
    PRC - C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe (PCTEL)
    PRC - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()
    PRC - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe ()
    PRC - C:\Program Files (x86)\HP\QuickPlay\QPService.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe ()
    PRC - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()
    PRC - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()
    PRC - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()
    PRC - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Lchmst\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\SysWOW64\atl.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\srclient.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\spp.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\xmllite.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\vssapi.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\vsstrace.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\authz.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    SRV:64bit: - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    SRV:64bit: - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AQtime 6 Service) -- C:\Program Files (x86)\Automated QA\AQtime 6\Bin\DebuggerService6x86.exe (AutomatedQA Corporation)
    SRV - (odserv) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
    SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
    SRV - (HP Health Check Service) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
    SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (ATTRcAppSvc) -- C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe (PCTEL)
    SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
    SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
    SRV - (QPCapSvc) -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()
    SRV - (QPSched) -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe ()
    SRV - (WLSetupSvc) -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (Com4Qlb) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (RichVideo) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()
    SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
    SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 08:34:14 | 00,000,000 | ---D | M]
    SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
    SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
    SRV - (ose) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (hpqwmiex) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys ()
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys ()
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys ()
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys ()
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys ()
    DRV:64bit: - (smserial) -- C:\Windows\SysNative\DRIVERS\smserial.sys ()
    DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys ()
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
    DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.SYS ()
    DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
    DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys ()
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
    DRV:64bit: - (usbvideo) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()
    DRV:64bit: - (usbaudio) -- C:\Windows\SysNative\drivers\usbaudio.sys ()
    DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS ()
    DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS ()
    DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS ()
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
    DRV:64bit: - (MODEMCSA) -- C:\Windows\SysNative\drivers\MODEMCSA.sys ()
    DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys ()
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
    DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\drivers\swmsflt.sys ()
    DRV:64bit: - (GT72UBUS) -- C:\Windows\SysNative\DRIVERS\gt72ubus.sys ()
    DRV:64bit: - (GT72NDISIPXP) -- C:\Windows\SysNative\DRIVERS\Gt51Ip.sys ()
    DRV:64bit: - (GTPTSER) -- C:\Windows\SysNative\DRIVERS\gtptser.sys ()
    DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys ()
    DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
    DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
    DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
    DRV:64bit: - (HpqRemHid) -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys ()
    DRV:64bit: - (NETw4v64) -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys ()
    DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys ()
    DRV:64bit: - (hcw85bda) -- C:\Windows\SysNative\drivers\HCW85BDA.sys ()
    DRV:64bit: - (RDID1040) -- C:\Windows\SysNative\Drivers\rdwm1040.sys ()
    DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys ()
    DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
    DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys ()
    DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
    DRV - (cdrbsdrv) -- C:\Windows\SysWOW64\drivers\CDRBSDRV.SYS (B.H.A Corporation)
    DRV - (aqIPD6) -- C:\Windows\SysWOW64\drivers\aqIPD6.sys (AutomatedQA Corporation)
    DRV - ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) -- C:\Program Files (x86)\HP\QuickPlay\000.fcl (Cyberlink Corp.)
    DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
    DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.tagged.com/profile.html?clickA=navheader_top&page=home.html&clickX=532&clickY=14"
    FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
    FF - prefs.js..extensions.enabledItems: [email protected]:1.2.5
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/05/01 08:43:10 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/27 03:43:55 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/10/28 04:32:59 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/29 08:23:18 | 00,000,000 | ---D | M]

    [2009/11/09 06:27:01 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\Mozilla\Extensions
    [2008/07/13 15:09:01 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/11/09 06:27:01 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2009/11/15 02:53:30 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\Mozilla\Firefox\Profiles\5u2yhb6s.default\extensions
    [2009/10/27 09:20:34 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\Mozilla\Firefox\Profiles\5u2yhb6s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/01/17 23:21:48 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\Mozilla\Firefox\Profiles\5u2yhb6s.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/10/29 10:45:03 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\Mozilla\Firefox\Profiles\5u2yhb6s.default\extensions\[email protected]
    [2009/06/26 23:25:47 | 00,000,650 | ---- | M] () -- C:\Users\Lchmst\AppData\Roaming\Mozilla\Firefox\Profiles\5u2yhb6s.default\searchplugins\delicious-tag.xml
    [2008/12/12 13:23:54 | 00,002,158 | ---- | M] () -- C:\Users\Lchmst\AppData\Roaming\Mozilla\Firefox\Profiles\5u2yhb6s.default\searchplugins\MySpace.xml
    [2009/10/17 22:17:11 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2009/10/28 04:32:59 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2008/05/19 16:40:29 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    [2008/08/11 08:10:22 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    [2009/05/14 09:17:51 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    [2009/09/03 14:37:10 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    [2009/10/28 04:32:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
    [2009/10/28 04:32:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
    [2007/08/24 21:52:00 | 00,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Mozilla Firefox\components\coFFPlgn.dll
    [2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    [2008/11/24 14:35:00 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
    [2007/08/29 16:47:44 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
    [2009/07/25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
    [2009/10/28 04:32:56 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
    [2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    [2008/10/14 20:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    [2008/05/01 08:43:05 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    [2008/05/01 08:43:15 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    [2008/05/01 08:43:02 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    [2009/04/30 08:40:50 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
    [2009/04/30 08:40:50 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
    [2009/04/30 08:40:50 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
    [2009/04/30 08:40:50 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
    [2009/04/30 08:40:50 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
    [2009/04/30 08:40:50 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
    [2009/04/30 08:40:50 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (304589 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 10492 more lines...
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - Reg Error: Value error. File not found
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
    O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
    O4:64bit: - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
    O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
    O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe (ATT)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [QPService] C:\Program Files (x86)\HP\QuickPlay\QPService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Lchmst\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
    O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Users\Lchmst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WD Diagnostics [2008/11/10 14:25:37 | 00,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
     
  5. RrK-e-Typ

    RrK-e-Typ Thread Starter

    CONT:

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15:64bit: - ..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/pcpitstop.cab (PCPitstop Utility)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.183.33.23 209.183.35.23
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
    O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
    O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
    O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
    O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
    O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
    O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
    O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O32 - AutoRun File - [2007/09/26 15:51:18 | 00,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
    O33 - MountPoints2\{f26ed8c5-ae07-11de-9d48-00f1d000f1d0}\Shell - "" = AutoRun
    O33 - MountPoints2\{f26ed8c5-ae07-11de-9d48-00f1d000f1d0}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    64bit: O35 - comfile [open] -- "%1" %* File not found
    64bit: O35 - exefile [open] -- "%1" %* File not found
    O35 - comfile [open] -- "%1" %* File not found
    O35 - exefile [open] -- "%1" %* File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/11/14 22:20:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2009/11/14 22:20:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2009/11/10 13:20:39 | 00,000,000 | ---D | C] -- C:\ProgramData\NCH Software
    [2009/11/10 13:20:39 | 00,000,000 | ---D | C] -- C:\ProgramData\NCH Software
    [2009/11/09 10:19:07 | 00,000,000 | -HSD | C] -- C:\Config.Msi
    [2009/11/09 06:27:30 | 00,000,000 | ---D | C] -- C:\Users\Lchmst\Documents\LimeWire
    [2009/11/09 05:58:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
    [2009/11/09 05:58:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
    [2009/11/09 05:46:03 | 00,000,000 | ---D | C] -- C:\Users\Lchmst\AppData\Roaming\Registry Mechanic
    [2009/11/09 05:38:52 | 01,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
    [2009/11/09 05:38:52 | 00,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
    [2009/11/09 05:38:52 | 00,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml.dll
    [2009/11/09 05:38:52 | 00,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
    [2009/11/09 05:38:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2009/11/09 05:38:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
    [2009/11/04 09:09:38 | 00,000,000 | ---D | C] -- C:\Users\Lchmst\Documents\Recordpad
    [2009/11/04 09:09:38 | 00,000,000 | ---D | C] -- C:\Users\Lchmst\AppData\Roaming\Recordpad
    [2009/11/03 10:43:52 | 00,000,000 | ---D | C] -- C:\Users\Lchmst\AppData\Roaming\NCH Software
    [2009/11/03 10:41:06 | 00,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
    [2009/11/03 10:41:06 | 00,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
    [2009/11/03 10:41:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
    [2009/11/03 10:36:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Swift Sound
    [2009/11/03 10:36:14 | 00,000,000 | ---D | C] -- C:\Users\Lchmst\AppData\Roaming\NCH Swift Sound
    [2009/10/26 23:55:27 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
    [2009/10/26 23:42:01 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
    [2009/10/26 23:42:00 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
    [2009/10/26 23:41:59 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
    [2009/10/26 23:41:59 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
    [2009/10/26 23:41:59 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
    [2009/10/26 23:41:37 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
    [2009/10/26 23:41:24 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
    [2009/10/20 18:23:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
    [2009/10/20 08:17:06 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
    [2009/10/20 08:17:06 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
    [2009/10/20 08:17:06 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
    [2009/10/20 08:16:59 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
    [2009/10/20 08:16:59 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
    [2009/10/19 22:05:30 | 00,000,000 | ---D | C] -- C:\Users\Lchmst\AppData\Local\Deployment
    [2009/10/17 22:07:29 | 00,000,000 | ---D | C] -- C:\Windows\Sun
    [2008/04/18 22:44:16 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\Lchmst\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2009/11/15 03:20:14 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1B97050E-0959-447C-8602-BF69C39205CA}.job
    [2009/11/15 03:17:09 | 08,126,464 | ---- | M] () -- C:\Users\Lchmst\ntuser.dat
    [2009/11/15 02:41:23 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2009/11/15 02:41:23 | 00,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2009/11/15 02:41:23 | 00,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2009/11/15 02:35:50 | 00,067,822 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2009/11/15 02:35:50 | 00,067,822 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2009/11/15 02:35:44 | 00,000,253 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2009/11/15 02:34:58 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2009/11/15 02:34:58 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2009/11/15 02:34:54 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/11/15 02:34:50 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2009/11/15 00:06:08 | 00,524,288 | -HS- | M] () -- C:\Users\Lchmst\ntuser.dat{a43b73f9-cd1b-11de-9080-00f1d000f1d0}.TMContainer00000000000000000001.regtrans-ms
    [2009/11/15 00:06:08 | 00,065,536 | -HS- | M] () -- C:\Users\Lchmst\ntuser.dat{a43b73f9-cd1b-11de-9080-00f1d000f1d0}.TM.blf
    [2009/11/15 00:05:51 | 03,241,628 | -H-- | M] () -- C:\Users\Lchmst\AppData\Local\IconCache.db
    [2009/11/14 22:20:28 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/11/13 18:45:23 | 56,383,6541 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2009/11/11 16:30:03 | 00,170,203 | ---- | M] () -- C:\Users\Lchmst\Documents\OAExamApplicationCMH.pdf
    [2009/11/11 16:28:19 | 00,399,531 | ---- | M] () -- C:\Users\Lchmst\Documents\cmhEandETestPaper.pdf
    [2009/11/10 20:32:44 | 00,002,419 | ---- | M] () -- C:\Users\Lchmst\Desktop\hor2.gif
    [2009/11/10 20:31:40 | 00,056,848 | ---- | M] () -- C:\Users\Lchmst\Desktop\stele-f1.jpg
    [2009/11/10 13:23:20 | 00,019,423 | ---- | M] () -- C:\Users\Lchmst\Desktop\birthday.jpg
    [2009/11/10 13:19:39 | 00,118,172 | ---- | M] () -- C:\Users\Lchmst\Desktop\birthday.png
    [2009/11/09 20:00:00 | 00,000,560 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Lchmst.job
    [2009/11/09 06:21:45 | 00,524,288 | -HS- | M] () -- C:\Users\Lchmst\ntuser.dat{a43b73f9-cd1b-11de-9080-00f1d000f1d0}.TMContainer00000000000000000002.regtrans-ms
    [2009/11/09 05:46:13 | 08,388,608 | ---- | M] () -- C:\Users\Lchmst\ntuser.dat.rmbak
    [2009/11/09 05:46:13 | 00,524,288 | -HS- | M] () -- C:\Users\Lchmst\ntuser.dat{e2ce497e-23c6-11de-8d42-00f1d000f1d0}.TMContainer00000000000000000001.regtrans-ms
    [2009/11/09 05:46:13 | 00,065,536 | -HS- | M] () -- C:\Users\Lchmst\ntuser.dat{e2ce497e-23c6-11de-8d42-00f1d000f1d0}.TM.blf
    [2009/11/09 05:38:53 | 00,000,902 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
    [2009/11/04 09:07:43 | 00,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLchmst.job
    [2009/11/03 11:28:39 | 00,000,950 | ---- | M] () -- C:\Users\Public\Desktop\NCH Toolbox.lnk
    [2009/11/03 10:41:38 | 00,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Pixillion Image Converter.lnk
    [2009/11/03 10:41:29 | 00,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Prism Video Converter.lnk
    [2009/11/03 10:41:16 | 00,001,008 | ---- | M] () -- C:\Users\Public\Desktop\SoundTap Streaming Audio Recorder.lnk
    [2009/11/03 10:41:06 | 00,001,000 | ---- | M] () -- C:\Users\Public\Desktop\RecordPad Sound Recorder.lnk
    [2009/11/03 10:40:51 | 00,000,968 | ---- | M] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk
    [2009/11/03 10:39:01 | 00,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Switch Sound File Converter.lnk
    [2009/11/02 20:42:06 | 00,226,688 | ---- | M] () -- C:\Windows\SysNative\MpSigStub.exe
    [2009/11/01 19:33:56 | 00,158,208 | ---- | M] () -- C:\Users\Lchmst\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
  6. RrK-e-Typ

    RrK-e-Typ Thread Starter

    CONT:

    ========== Files Created - No Company Name ==========

    [2009/11/14 22:20:28 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/11/11 16:30:03 | 00,170,203 | ---- | C] () -- C:\Users\Lchmst\Documents\OAExamApplicationCMH.pdf
    [2009/11/11 16:28:18 | 00,399,531 | ---- | C] () -- C:\Users\Lchmst\Documents\cmhEandETestPaper.pdf
    [2009/11/10 20:32:43 | 00,002,419 | ---- | C] () -- C:\Users\Lchmst\Desktop\hor2.gif
    [2009/11/10 20:31:40 | 00,056,848 | ---- | C] () -- C:\Users\Lchmst\Desktop\stele-f1.jpg
    [2009/11/10 13:23:20 | 00,019,423 | ---- | C] () -- C:\Users\Lchmst\Desktop\birthday.jpg
    [2009/11/10 13:19:37 | 00,118,172 | ---- | C] () -- C:\Users\Lchmst\Desktop\birthday.png
    [2009/11/09 05:48:13 | 00,524,288 | -HS- | C] () -- C:\Users\Lchmst\ntuser.dat{a43b73f9-cd1b-11de-9080-00f1d000f1d0}.TMContainer00000000000000000002.regtrans-ms
    [2009/11/09 05:48:13 | 00,524,288 | -HS- | C] () -- C:\Users\Lchmst\ntuser.dat{a43b73f9-cd1b-11de-9080-00f1d000f1d0}.TMContainer00000000000000000001.regtrans-ms
    [2009/11/09 05:48:13 | 00,065,536 | -HS- | C] () -- C:\Users\Lchmst\ntuser.dat{a43b73f9-cd1b-11de-9080-00f1d000f1d0}.TM.blf
    [2009/11/09 05:38:53 | 00,000,902 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
    [2009/11/03 11:28:39 | 00,000,950 | ---- | C] () -- C:\Users\Public\Desktop\NCH Toolbox.lnk
    [2009/11/03 10:41:38 | 00,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Pixillion Image Converter.lnk
    [2009/11/03 10:41:29 | 00,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Prism Video Converter.lnk
    [2009/11/03 10:41:16 | 00,001,008 | ---- | C] () -- C:\Users\Public\Desktop\SoundTap Streaming Audio Recorder.lnk
    [2009/11/03 10:41:06 | 00,001,000 | ---- | C] () -- C:\Users\Public\Desktop\RecordPad Sound Recorder.lnk
    [2009/11/03 10:40:51 | 00,000,968 | ---- | C] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk
    [2009/11/03 10:39:01 | 00,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Switch Sound File Converter.lnk
    [2009/10/26 23:55:32 | 00,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
    [2009/10/26 23:55:27 | 00,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
    [2009/10/26 23:42:02 | 00,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
    [2009/10/26 23:42:01 | 00,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
    [2009/10/26 23:42:00 | 00,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
    [2009/10/26 23:41:59 | 00,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
    [2009/10/26 23:41:59 | 00,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
    [2009/10/26 23:41:40 | 04,691,016 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
    [2009/10/26 23:41:37 | 00,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
    [2009/10/26 23:41:24 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
    [2009/10/20 08:17:50 | 02,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
    [2009/10/20 08:17:50 | 02,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
    [2009/10/20 08:17:50 | 00,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
    [2009/10/20 08:17:50 | 00,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
    [2009/10/20 08:17:06 | 00,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
    [2009/10/20 08:17:06 | 00,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
    [2009/10/20 08:17:06 | 00,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
    [2009/10/20 08:16:59 | 00,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
    [2009/10/20 08:16:59 | 00,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
    [2009/10/16 03:34:26 | 03,241,628 | -H-- | C] () -- C:\Users\Lchmst\AppData\Local\IconCache.db
    [2009/09/23 19:23:47 | 00,001,044 | ---- | C] () -- C:\Users\Lchmst\AppData\Roaming\vso_ts_preview.xml
    [2009/08/11 09:40:32 | 00,521,088 | ---- | C] () -- C:\Users\Lchmst\AppData\Local\dd_ATL80SP1_KB973923MSI0FFF.txt
    [2009/08/11 09:40:30 | 00,011,692 | ---- | C] () -- C:\Users\Lchmst\AppData\Local\dd_ATL80SP1_KB973923UI0FFF.txt
    [2009/08/11 09:40:05 | 00,523,014 | ---- | C] () -- C:\Users\Lchmst\AppData\Local\dd_ATL80SP1_KB973923MSI0FAA.txt
    [2009/08/11 09:40:04 | 00,011,772 | ---- | C] () -- C:\Users\Lchmst\AppData\Local\dd_ATL80SP1_KB973923UI0FAA.txt
    [2009/04/03 19:54:59 | 00,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2009/04/03 19:54:56 | 00,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2009/04/03 19:54:55 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2009/04/03 19:54:55 | 00,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2009/04/03 19:54:53 | 00,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2009/04/03 19:54:53 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
    [2009/03/25 17:25:35 | 00,067,822 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/03/25 17:25:33 | 00,067,822 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/02/09 00:05:20 | 00,884,736 | ---- | C] () -- C:\Windows\gmer.dll
    [2009/02/09 00:05:20 | 00,000,250 | ---- | C] () -- C:\Windows\gmer.ini
    [2008/10/16 02:24:54 | 00,034,816 | ---- | C] () -- C:\Users\Lchmst\AppData\Roaming\00000A4C_VTS_24.IFO
    [2008/10/16 02:24:54 | 00,014,336 | ---- | C] () -- C:\Users\Lchmst\AppData\Roaming\00000A4C_VTS_26.IFO
    [2008/10/16 02:24:54 | 00,014,336 | ---- | C] () -- C:\Users\Lchmst\AppData\Roaming\00000A4C_VTS_21.IFO
    [2008/10/16 02:24:54 | 00,012,288 | ---- | C] () -- C:\Users\Lchmst\AppData\Roaming\00000A4C_VTS_25.IFO
    [2008/10/16 02:24:54 | 00,012,288 | ---- | C] () -- C:\Users\Lchmst\AppData\Roaming\00000A4C_VTS_23.IFO
    [2008/10/16 02:24:54 | 00,012,288 | ---- | C] () -- C:\Users\Lchmst\AppData\Roaming\00000A4C_VTS_22.IFO
    [2008/10/16 02:24:53 | 00,038,912 | ---- | C] () -- C:\Users\Lchmst\AppData\Roaming\00000A4C_VTS_0.IFO
    [2008/08/12 16:34:30 | 00,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
    [2008/05/17 08:16:49 | 00,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll
    [2008/05/17 08:16:49 | 00,122,880 | ---- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
    [2008/04/29 08:26:29 | 00,027,934 | ---- | C] () -- C:\Users\Lchmst\AppData\Roaming\nvModes.001
    [2008/04/29 08:26:09 | 00,027,934 | ---- | C] () -- C:\Users\Lchmst\AppData\Roaming\nvModes.dat
    [2008/04/18 22:44:56 | 00,000,034 | ---- | C] () -- C:\Users\Lchmst\AppData\Roaming\pcouffin.log
    [2008/04/18 22:44:16 | 00,099,384 | ---- | C] () -- C:\Users\Lchmst\AppData\Roaming\inst.exe
    [2008/04/18 22:44:16 | 00,007,859 | ---- | C] () -- C:\Users\Lchmst\AppData\Roaming\pcouffin.cat
    [2008/04/18 22:44:16 | 00,001,167 | ---- | C] () -- C:\Users\Lchmst\AppData\Roaming\pcouffin.inf
    [2008/04/18 21:52:16 | 00,000,680 | ---- | C] () -- C:\Users\Lchmst\AppData\Local\d3d9caps.dat
    [2008/04/17 15:37:37 | 00,113,400 | ---- | C] () -- C:\Users\Lchmst\AppData\Local\GDIPFONTCACHEV1.DAT
    [2008/04/17 15:37:19 | 00,000,000 | ---- | C] () -- C:\Users\Lchmst\AppData\Local\QSwitch.txt
    [2008/04/17 15:37:19 | 00,000,000 | ---- | C] () -- C:\Users\Lchmst\AppData\Local\DSwitch.txt
    [2008/04/17 15:37:19 | 00,000,000 | ---- | C] () -- C:\Users\Lchmst\AppData\Local\AtStart.txt
    [2008/04/17 12:20:28 | 00,158,208 | ---- | C] () -- C:\Users\Lchmst\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/02/18 01:44:57 | 00,007,208 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/20 21:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2006/11/02 10:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
    [2006/11/02 10:07:25 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
    [2006/11/02 10:07:25 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 10:07:25 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 10:07:25 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:34:27 | 00,000,254 | ---- | C] () -- C:\Windows\win.ini
    [2006/11/02 07:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

    ========== LOP Check ==========

    [2009/11/14 08:34:20 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\BitTorrent
    [2009/04/10 14:36:01 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\Capture
    [2009/11/15 03:15:40 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\DNA
    [2009/10/22 22:28:14 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\eMusic
    [2008/08/13 09:26:51 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\GlarySoft
    [2008/07/13 14:49:18 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\iExpert Software
    [2009/08/08 09:21:54 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\Image Zone Express
    [2009/11/11 14:20:59 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\LimeWire
    [2009/04/07 10:33:51 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\MSNInstaller
    [2009/09/26 16:03:13 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\muvee Technologies
    [2009/11/03 11:22:15 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\NCH Swift Sound
    [2009/08/08 09:21:52 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\Printer Info Cache
    [2009/08/12 22:20:08 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\RarRecoverEasy
    [2009/11/04 09:09:38 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\Recordpad
    [2009/11/09 05:46:03 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\Registry Mechanic
    [2008/06/11 07:50:42 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\Sierra Wireless
    [2009/02/03 09:12:23 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\uTorrent
    [2009/11/03 01:16:02 | 00,000,000 | ---D | M] -- C:\Users\Lchmst\AppData\Roaming\Vso
    [2009/11/15 02:34:54 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
    [2009/11/15 00:06:00 | 00,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2009/11/15 03:20:14 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1B97050E-0959-447C-8602-BF69C39205CA}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:CB0AACC9
    < End of report >
     
  7. RrK-e-Typ

    RrK-e-Typ Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    78
    OTL Extras logfile created on: 11/15/2009 3:19:40 AM - Run 1
    OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Lchmst\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 68.89% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 285.04 Gb Total Space | 103.68 Gb Free Space | 36.37% Space Free | Partition Type: NTFS
    Drive D: | 13.05 Gb Total Space | 1.71 Gb Free Space | 13.09% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 931.28 Gb Total Space | 398.41 Gb Free Space | 42.78% Space Free | Partition Type: FAT32
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LCHMST-PC
    Current User Name: Lchmst
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
    .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
    batfile [open] -- "%1" %* File not found
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
    cmdfile [open] -- "%1" %* File not found
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
    comfile [open] -- "%1" %* File not found
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* ()
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
    piffile [open] -- "%1" %* File not found
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 1
    "InternetSettingsDisableNotify" = 1
    "AutoUpdateDisableNotify" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
    "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
    "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0825E16D-E988-4BE8-9D05-AD28B1874B35}" = lport=61054 | protocol=6 | dir=in | name=utorr |
    "{10C7C063-5F88-42CA-A96C-E99B60666C6B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{146E2F48-4450-4BB5-A6E1-0D53565DF7D5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2631196A-565E-4F48-A4FA-D14565C176C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{274025E3-93A0-43F6-AE63-664BC4946DE3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2DC3AE9F-38D7-437A-BD50-507E4497B075}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2DE3E570-9E19-482C-84C4-32D336C31960}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{2E2C226F-5238-4541-9DEB-95B0A8B43D95}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{31166AB9-BCCB-42D2-A219-09F3F3FB4A3E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{3FADB073-CBF6-42A8-B541-60826DC11E81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{66A1B3F0-62B3-4A3D-AE59-6CE7789D459C}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{76F5FD32-9818-45B0-B25A-F4385E5DE6B4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{829F361A-2A28-45BB-A017-CFAE5BA7204C}" = lport=22100 | protocol=6 | dir=in | name=bt |
    "{96BBE0A9-6E61-45D5-8CC5-2854973BD73E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{9A5EC36A-7A51-4CA9-8F49-9B0DF9D5980B}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{ACCAC3CC-7A1B-434C-AB54-72D437D10129}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AE1522DF-AC5D-49AD-8DF4-39815044107A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{F6967FEB-F47C-4282-A98E-B9F2257A79BC}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07C5D6C7-3F19-48CC-AEEE-A8B6E503E6D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1AC6AE54-C7BE-40E8-9165-2F1A6AB3BC40}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{2592F2C0-C1CA-4E5A-9D55-2B7A1A81FE41}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{28E1E7D8-4C0A-4DD6-A9C9-0C53A9EDE880}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{2AB52210-18E4-4EC5-A9C6-C512B56D8E3A}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
    "{2ABF74E0-01D2-48DA-AC22-6B5B711C9D69}" = protocol=6 | dir=out | app=system |
    "{2E472F4E-0913-4FB5-BDE6-6AFD1D34C966}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{2FD6B068-5224-4D59-AED7-3B1C9A6354AD}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{3191155E-BF4C-4243-9C03-C5F311402F03}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
    "{37197C3D-7E69-458D-8963-3E2A755000F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{38C446D0-7217-49C8-948D-0852FFF2F3C2}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
    "{41950F07-58DE-4417-8DBF-FC8CB03A3C99}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{476C8A6C-D5AD-45A1-9AA0-D4F81A437D74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4A5F0C26-CB05-4AFB-BB8A-A50633A42710}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{4FA418FC-22E7-449D-A336-230E9435BBE6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4FB33A06-0506-428A-9371-2589374B4B25}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
    "{538B28FC-9026-4A84-A68B-311C82B72B19}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{553ECBEA-0E52-400D-83A1-8303239F2894}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
    "{5B043AC3-F648-4814-BE26-67D1AB5AA261}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{5F1BF9F1-32B3-40D6-BD54-7472E38A5F25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6164391A-5433-4355-82B4-67116337E728}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yserver.exe |
    "{679C5F9F-8E51-41BC-849D-9B5E28241C52}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{6A844B5C-2444-4CDC-9EB4-B486E7951F98}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "{6E60ED57-6925-4B4C-A410-8DBF6CB5B850}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{7AA146DA-88A8-47A4-BF2A-F1D493546FE7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{8914A959-BFF0-4C98-B664-76BF7035E7E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8B1C0EC9-3851-4432-97BE-8EABAF7126A8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{8B999428-F920-4B56-853F-C3ED3D0C4496}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{90762134-84F6-4FC3-A57C-A21B65EB2478}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9086009C-B1DF-470A-925C-80FD1ABC689D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{90CA43AB-AEE0-441B-AE1C-D815AF2FDC47}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{979C021D-F38F-4844-B6F5-2F8A0F56D2E4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{98B83E54-42F9-4612-8AF2-7FC7E463E771}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{98F45443-59AA-435B-948C-E7B08B8C161C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{9BEFC38A-4C6D-40F8-A29C-82E01EEE76F2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A3119705-7614-466E-9B56-F3B486080DFB}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "{AD54582B-32DD-4374-8B24-3FA18430C80D}" = dir=in | app=c:\program files (x86)\myspace\im\myspaceim.exe |
    "{B2E5D29F-9F17-45B6-B489-FDFC9EBBB95F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B5D7E97F-6290-41D9-A55F-5E5FD80E4D52}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
    "{B611B266-7872-45AD-B54A-FCE3AF5E30B5}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{B6916F4D-F034-4855-87CA-4D13D19CA989}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{B9C79004-99A0-4419-93D7-81EBC030D94D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{BFA35B41-1BFE-42A6-A0FE-A8C42A8A7F76}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
    "{C120B0F6-8437-424C-AB0C-2B1B5E137BE1}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yserver.exe |
    "{CEC6C09F-08E7-4884-B3E9-26E9B5C575BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{D7194317-BC13-4ACD-914D-51A426F1DDFF}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
    "{DE00FE60-484D-483E-AA4E-0F7446B737D0}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
    "{E643951F-A012-4FEF-9B54-70D5F81E3C43}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
    "{F6497395-EB24-473A-B4B7-CD3B8A709D88}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
    "{FB75ABA8-ED7E-4DB8-9391-678A971BBFC3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{FDAA4374-507A-42E8-97F5-989EA44C7086}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FF153752-858D-4F24-97E4-1D632EF5F2DB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "TCP Query User{194F3F19-0C21-41F7-BBA0-AB5CDDC9F8A0}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{599A3243-17A3-429D-815C-4B89FD055305}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "TCP Query User{90552038-AACD-45CE-97C5-88ACC721E227}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "TCP Query User{AEC56DD6-4A78-44F9-A1E9-1D52502AF277}C:\users\lchmst\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\lchmst\program files (x86)\dna\btdna.exe |
    "TCP Query User{B1EF0A8F-08B1-41C2-BD01-1A2BC320BF11}C:\users\lchmst\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\lchmst\program files (x86)\dna\btdna.exe |
    "UDP Query User{1234B828-79B7-4FAB-9874-1E48959888BB}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "UDP Query User{3AE988E8-2F90-4625-85B5-CB8321BE5D2D}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{523BF612-D65D-4CDD-8EB4-4228CF41AFB5}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "UDP Query User{5ACC514F-75C8-4E2B-9C68-4B63988C01C7}C:\users\lchmst\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\lchmst\program files (x86)\dna\btdna.exe |
    "UDP Query User{7DB4A196-701B-4D90-963A-FB4F623AD626}C:\users\lchmst\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\lchmst\program files (x86)\dna\btdna.exe |
     
  8. RrK-e-Typ

    RrK-e-Typ Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    78
    CONT:


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{11192F89-510C-4E23-A62A-D3BEA9139596}" = HP QuickTouch 1.00 C3
    "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
    "{443027F6-2A85-4ACE-B4E8-5F44C02EA301}" = AT&T Communication Manager
    "{4C00EC96-D644-41AD-91D3-A9CE4382C80E}" = Driver Installer
    "{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "NVIDIA Drivers" = NVIDIA Drivers
    "RolandRDID0040" = EDIROL UA-3FX Driver
    "SMSERIAL" = Motorola SM56 Speakerphone Modem
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
    "{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
    "{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
    "{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
    "{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
    "{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258h
    "{BB620A81-148B-4B73-B526-8F6EF8C7DD4A}" = AutomatedQA AQtime 6
    "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
    "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "AIM_6" = AIM 6
    "ASCII Art Generator_is1" = ASCII Art Generator 3.2.2
    "avast!" = avast! Antivirus
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
    "HP Smart Web Printing" = HP Smart Web Printing
    "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.9.5
    "Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
    "MSNINST" = MSN
    "Native Instruments Traktor DJ Studio v3.1.3" = Native Instruments Traktor DJ Studio v3.1.3
    "Pixillion" = Pixillion Image Converter
    "Prism" = Prism Video Converter
    "RealPlayer 6.0" = RealPlayer
    "Recordpad" = RecordPad Sound Recorder
    "Registry Mechanic_is1" = Registry Mechanic 9.0.0.114
    "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
    "SoundTap" = SoundTap Streaming Audio Recorder
    "Super DVD Creator_is1" = Super DVD Creator 9.5
    "Switch" = Switch Sound File Converter
    "ToolBox" = NCH Toolbox
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WavePad" = WavePad Sound Editor
    "WildTangent hp Master Uninstall" = My HP Games
    "Win Web Crawler 2.0_is1" = Win Web Crawler 2.0
    "WinAVI Video Converter_is1" = WinAVI Video Converter
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Messenger" = Yahoo! Messenger
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent
    "BitTorrent DNA" = DNA

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 10/22/2009 5:03:27 PM | Computer Name = Lchmst-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\Lchmst\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    failed, 00000005.

    Error - 10/23/2009 6:21:22 PM | Computer Name = Lchmst-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\Lchmst\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    failed, 00000005.

    Error - 10/26/2009 12:56:26 PM | Computer Name = Lchmst-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\Lchmst\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    failed, 00000005.

    Error - 10/27/2009 1:06:25 AM | Computer Name = Lchmst-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\Lchmst\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    failed, 00000005.

    Error - 10/27/2009 1:14:21 AM | Computer Name = Lchmst-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\Lchmst\AppData\Roaming\Mozilla\Firefox\Profiles\5u2yhb6s.default\places.sqlite-journal
    failed, 00000005.

    Error - 10/27/2009 4:57:13 AM | Computer Name = Lchmst-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\Lchmst\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat failed,
    00000005.

    Error - 10/27/2009 10:44:42 PM | Computer Name = Lchmst-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\Lchmst\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    failed, 00000005.

    Error - 10/29/2009 4:08:55 AM | Computer Name = Lchmst-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\Lchmst\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat failed,
    00000005.

    Error - 11/1/2009 10:08:58 AM | Computer Name = Lchmst-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\Lchmst\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    failed, 00000005.

    Error - 11/2/2009 7:19:23 AM | Computer Name = Lchmst-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\Lchmst\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    failed, 00000005.

    [ Application Events ]
    Error - 2/11/2009 9:38:37 AM | Computer Name = Lchmst-PC | Source = WinDefendRtp | ID = 3003
    Description =

    Error - 2/11/2009 10:03:34 AM | Computer Name = Lchmst-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/11/2009 10:04:00 AM | Computer Name = Lchmst-PC | Source = WinDefendRtp | ID = 3003
    Description =

    Error - 2/12/2009 11:14:18 AM | Computer Name = Lchmst-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/12/2009 11:16:26 AM | Computer Name = Lchmst-PC | Source = WinDefendRtp | ID = 3003
    Description =

    Error - 2/12/2009 11:30:11 AM | Computer Name = Lchmst-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 2/12/2009 11:31:31 AM | Computer Name = Lchmst-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 2/12/2009 11:31:31 AM | Computer Name = Lchmst-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 2/12/2009 2:28:38 PM | Computer Name = Lchmst-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/12/2009 2:29:09 PM | Computer Name = Lchmst-PC | Source = WinDefendRtp | ID = 3003
    Description =

    [ Media Center Events ]
    Error - 5/30/2008 6:20:34 PM | Computer Name = Lchmst-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    [ System Events ]
    Error - 11/13/2009 7:45:30 PM | Computer Name = Lchmst-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:42:33 PM on 11/13/2009 was unexpected.

    Error - 11/13/2009 7:45:37 PM | Computer Name = Lchmst-PC | Source = HTTP | ID = 15016
    Description =

    Error - 11/13/2009 7:45:49 PM | Computer Name = Lchmst-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/13/2009 7:47:21 PM | Computer Name = Lchmst-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 166.203.182.150 for the Network Card with network
    address 00F1D000F1D0 has been denied by the DHCP server 166.217.96.156 (The DHCP
    Server sent a DHCPNACK message).

    Error - 11/14/2009 1:16:02 AM | Computer Name = Lchmst-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 166.217.96.157 for the Network Card with network
    address 00F1D000F1D0 has been denied by the DHCP server 32.178.164.126 (The DHCP
    Server sent a DHCPNACK message).

    Error - 11/15/2009 3:33:52 AM | Computer Name = Lchmst-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 11/15/2009 3:34:03 AM | Computer Name = Lchmst-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\Windows\SysWow64\drivers\aqIPD6.sys has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 11/15/2009 3:34:54 AM | Computer Name = Lchmst-PC | Source = HTTP | ID = 15016
    Description =

    Error - 11/15/2009 3:35:13 AM | Computer Name = Lchmst-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/15/2009 3:43:21 AM | Computer Name = Lchmst-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 32.178.164.125 for the Network Card with network
    address 00F1D000F1D0 has been denied by the DHCP server 166.203.194.100 (The DHCP
    Server sent a DHCPNACK message).


    < End of report >
     
  9. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello again RrK-e-Typ,

    It is a pretty big download at 28 MB, but it is very useful at detecting\cleaning rootkits or whatever it finds.

    Please click here to download AVP Tool by Kaspersky.
    • Save it to your desktop.
    • Reboot your computer into Safe Mode.
      You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
      Use your up arrow key to highlight Safe Mode, then hit Enter.
    • Double click the setup file to run it.
    • Click Next to continue.
    • It will by default install it to your desktop folder. Click Next.
    • Hit OK at the prompt for scanning in Safe Mode.
    • It will then open a box. There will be a tab that says Automatic scan.
    • Under Automatic scan make sure these are checked:

      • System Memory
      • Startup Objects
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (removable ones that you may have)

    After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
    Then choose OK again and you are back at the main screen.

    • Then click on Scan at the top right-hand corner.
    • It will automatically Neutralize any objects found.
    • If some objects are left un-neutralized, then click the button that says Neutralize all.
    • If it says it cannot be Neutralized, then choose the Delete option when prompted.
    • After that is done, click on the Reports button at the bottom and save it to file; name it Kas.
    • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

      Note: This tool will self uninstall when you close it so please save the log before closing it.

     
  10. RrK-e-Typ

    RrK-e-Typ Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    78
    Hello Emerald, sorry for the lapse in my post. The first download was corrupted so I had to download again. Then it seems as if the tool did a double scan and scanned all my disks twice. I stopped it when I noticed it was scanning one of my external drives for a second time. It did, however, find two trojans: one that I should have found on my own and another in application data. Here are the results of the scan. Thanks again for taking the time to review my logs.

    Kaspersky Scan

    Scan
    ----
    Scanned: 2418369
    Detected: 2
    Untreated: 0
    Start time: 11/18/2009 3:41:42 PM
    Duration: 12:54:59
    Finish time: 11/19/2009 4:36:41 AM


    Detected
    --------
    Status Object
    ------ ------
    deleted: Trojan program Trojan.JS.Fav.n File: C:\Users\Lchmst\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4I3490QQ\default[1].js
    deleted: Trojan program Trojan-Clicker.WMA.Agent.d File: C:\Users\Lchmst\Shared\Michael Jackson - She Drives Me Wild.wma

    The scan was done in safe mode as instructed. I deleted the WMA threat manually while the scan was still running. The other was deleted by the scanner. I look forward to further advice. Could either of these have been responsible for the pop-up scanners that I have been plagued with?
     
  11. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello RrK-e-Typ,

    Don't know what happened there.

    Thought I had answered this the other day. :rolleyes:

    In any event the crux of the matter was to make sure Kaspersky AVP had finished its job.

    I wanted to make sure it had been allowed to continue to the end in case your interruption had stopped it properly removing malware it found. :)

    How is your machine now?
     
  12. RrK-e-Typ

    RrK-e-Typ Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    78
    So far I have not seen any more of those hijacked tabs. It doesn't seem as if my stopping the second pass interrupted removal of the bugs. I also created a new restore point. None of the infections found were on either of the external drives so I will scan again with all external drives removed.

    Overall, I would say that the system appears to be more stable than when we began this thread. Are there any additional scans that can be performed? Is there any additional software that I need to download/install?

    Thanks again for your taking time to review the logs and I look forward to your next post. Have a great Monday.
     
  13. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Nothing that would add to what we already have done. I generally like to run MBAM again at the end just to make sure we have covered everything. Perhaps you could update that and carry out a scan. If it shows anything, post it back here; otherwise just carry out the instructions below.

    • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
    • Click on the CleanUp! button
    • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

    I have not included instructions to set a new Restore Point as you have already done that.

    Neither have I listed my notes on protection because you have seen those in the past.

    Have a nice computing day.:)
     
  14. RrK-e-Typ

    RrK-e-Typ Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    78
    I ran the OTL scan as instructed but did not find any additional infections. Only the Purity Check Log was displayed in the end. No LOP Log was displayed; not sure why that was. I also ran the MBAM scan since the last post and nothing was found from that scan either. I did not post any logs with this post. Please let me know if there are any additional inspections that should be performed. Thanks for taking the time to view the thread and instructing me on how to rid my system of any malicious files. Have a great weekend and I look forward to your next post.
     
  15. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Nothing more to do unless your machine is displaying problems.
     
Short URL to this thread: https://techguy.org/877218
