zozoy

@175.144.200.x

[Malware] after doing the step suggested. THANK YOU... (1)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4321

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17/7/2010 9:46:58 PM
mbam-log-2010-07-17 (21-46-58).txt

Scan type: Full scan (C:\|D:\|E:\|H:\|)
Objects scanned: 306444
Time elapsed: 44 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssmsgs (Backdoor.Bot) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
H:\Software\TuneUp Utilities 2010 v9.0.2020.2 Incl.Keymaker-AMH\keygen.exe (Trojan.Agent.CK) -> No action taken.


lilhurricane
OTL logfile created on: 7/17/2010 9:51:37 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226.26 Gb Total Space | 186.95 Gb Free Space | 82.62% Space Free | Partition Type: NTFS
Drive D: | 14.14 Gb Total Space | 2.41 Gb Free Space | 17.07% Space Free | Partition Type: NTFS
Drive E: | 225.16 Gb Total Space | 211.05 Gb Free Space | 93.73% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.76 Gb Total Space | 373.84 Gb Free Space | 80.26% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/17 20:06:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2010/07/16 14:34:18 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- H:\Software\utorrent.exe
PRC - [2010/06/26 16:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/01/25 12:45:56 | 003,179,952 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2009/10/15 17:51:51 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2009/10/01 12:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/07/14 09:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2009/07/02 00:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009/06/19 18:47:26 | 000,282,776 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\avp.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/15 08:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe

========== Modules (SafeList) ==========

MOD - [2010/07/17 20:06:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
MOD - [2009/07/14 09:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 09:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/19 18:47:30 | 000,013,496 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\kloehk.dll
MOD - [2009/06/19 18:47:28 | 000,085,016 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\adialhk.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/26 10:07:56 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/19 06:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/12/30 05:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/11/18 10:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 12:57:00 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/01/05 02:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/01 12:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/19 18:47:26 | 000,282,776 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\avp.exe -- (AVP)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/15 08:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/17 16:22:36 | 000,222,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/02/26 10:22:40 | 006,369,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/26 09:12:12 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/06 08:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/29 01:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/20 09:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/01/08 02:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/08 02:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/08 02:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/08 02:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/11/28 09:45:00 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/14 02:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/23 09:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 09:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 09:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 07:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/20 10:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/11 05:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 05:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 05:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 05:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/11 04:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 04:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/11 04:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/11 04:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/24 15:30:42 | 000,156,688 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/05/15 18:50:26 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2008/12/23 16:46:56 | 000,033,296 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2009/09/23 09:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »g.jp.msn.com/CQALL/31
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »g.jp.msn.com/CQALL/31
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »g.jp.msn.com/CQALL/31
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »g.jp.msn.com/CQALL/31

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »g.jp.msn.com/CQALL/31
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »g.jp.msn.com/CQALL/31
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: personasexpression@eddiescorpse.private:1.1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/17 16:13:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/17 19:57:16 | 000,000,000 | ---D | M]

[2010/07/11 17:19:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2010/07/17 14:31:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\bewt2hwp.default\extensions
[2010/07/17 14:52:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\bewt2hwp.default\extensions\personasexpression@eddiescorpse.private
[2010/07/17 19:58:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uuujy0mw.default\extensions
[2010/07/17 16:06:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uuujy0mw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/17 16:06:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uuujy0mw.default\extensions\personasexpression@eddiescorpse.private
[2010/07/17 16:05:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uuujy0mw.default\extensions\toolbar@ask.com
[2010/07/17 16:47:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/17 16:06:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [uTorrent] H:\Software\utorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun_KL_notset = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\ie_banner_deny.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\x64\scieplgn.dll (Kaspersky Lab)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\scieplgn.dll (Kaspersky Lab)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1.0FO\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\x64\kloehk.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1.0FO\x64\adialhk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\x64\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1.0FO\adialhk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1.0FO\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\kloehk.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/17 20:10:33 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2010/07/17 20:00:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2010/07/17 20:00:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/17 20:00:04 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/17 20:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/17 20:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/17 19:59:31 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.46.exe
[2010/07/17 19:42:21 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\TFC.exe
[2010/07/17 19:35:54 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\New folder
[2010/07/17 18:19:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Winamp
[2010/07/17 17:46:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\GRETECH
[2010/07/17 17:41:48 | 000,000,000 | R--D | C] -- C:\Users\user\Desktop\gm
[2010/07/17 16:47:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\IDM
[2010/07/17 16:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2010/07/17 16:33:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\vlc
[2010/07/17 16:22:36 | 000,222,736 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/07/17 16:13:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Media Player Classic
[2010/07/17 13:01:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/07/17 13:01:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/07/16 14:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010/07/16 14:34:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\uTorrent
[2010/07/16 10:16:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\HP Support Assistant
[2010/07/15 01:06:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe
[2010/07/15 00:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/07/14 23:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/07/14 23:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/07/14 10:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/07/14 00:29:53 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Rainmeter
[2010/07/14 00:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rainmeter
[2010/07/13 23:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RocketDock
[2010/07/13 23:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/07/13 21:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010/07/13 21:02:45 | 000,000,000 | ---D | C] -- C:\KAV
[2010/07/13 19:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/07/13 18:14:15 | 000,041,368 | ---- | C] (Detong Technology Ltd) -- C:\Windows\SysWow64\OTB_Loader.dll
[2010/07/13 18:14:14 | 001,816,496 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Officetab_Detong.ocx
[2010/07/13 18:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Detong
[2010/07/12 08:58:32 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Declan Software
[2010/07/12 03:25:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\dvdcss
[2010/07/12 03:18:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
[2010/07/12 03:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Transparent
[2010/07/12 03:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Transparent
[2010/07/12 03:12:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2010/07/12 02:39:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\CrashDumps
[2010/07/12 02:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReadWrite Korean
[2010/07/12 02:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Korean HakGyo
[2010/07/12 01:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Device Emulator
[2010/07/12 01:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Readon
[2010/07/12 01:47:35 | 000,000,000 | ---D | C] -- C:\Windows\Symbols
[2010/07/12 01:47:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2010/07/12 01:47:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2010/07/12 01:47:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CE Remote Tools
[2010/07/12 01:46:42 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Visual Studio 2005
[2010/07/12 01:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/07/12 01:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/07/12 01:46:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2010/07/12 01:39:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PPStream
[2010/07/12 01:36:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Readon_Technology
[2010/07/12 01:36:19 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Readon Player
[2010/07/12 01:35:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\WinRAR
[2010/07/12 01:31:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Microsoft Help
[2010/07/12 01:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/07/12 01:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2010/07/12 01:04:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Yahoo
[2010/07/12 00:43:42 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\GomPlayer
[2010/07/11 23:34:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Yahoo!
[2010/07/11 23:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/07/11 23:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/07/11 23:33:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Yahoo!
[2010/07/11 23:02:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/07/11 22:55:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/07/11 22:32:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2010/07/11 22:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/07/11 22:16:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\WildTangent
[2010/07/11 22:12:56 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Downloads
[2010/07/11 22:12:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DMCache
[2010/07/11 22:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/07/11 20:45:13 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/07/11 20:45:13 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/07/11 20:45:13 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/07/11 20:45:13 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/07/11 17:19:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Mozilla
[2010/07/11 17:19:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Mozilla
[2010/07/11 17:19:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/07/11 17:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/11 17:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/07/11 17:17:36 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/11 17:17:36 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/07/11 17:17:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/07/11 17:17:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/07/11 17:11:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Macromedia
[2010/07/11 17:11:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Adobe
[2010/07/11 12:42:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Microsoft Games
[2010/07/11 11:46:28 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Youcam
[2010/07/11 11:46:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\CyberLink
[2010/07/11 11:46:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\CyberLink
[2010/07/11 11:43:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\HpUpdate
[2010/07/11 11:39:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\ATI
[2010/07/11 11:39:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ATI
[2010/07/11 11:38:59 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Bluetooth Exchange Folder
[2010/07/11 11:38:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Broadcom
[2010/07/11 11:38:36 | 000,000,000 | R--D | C] -- C:\Users\user\Searches
[2010/07/11 11:38:36 | 000,000,000 | -H-D | C] -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/07/11 11:38:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Identities
[2010/07/11 11:38:27 | 000,000,000 | R--D | C] -- C:\Users\user\Contacts
[2010/07/11 11:38:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\VirtualStore
[2010/07/11 11:38:14 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\hpqlog
[2010/07/11 11:38:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Hewlett-Packard
[2010/07/11 11:36:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Hewlett-Packard
[2010/07/11 11:34:52 | 000,000,000 | --SD | C] -- C:\Users\user\AppData\Roaming\Microsoft
[2010/07/11 11:34:52 | 000,000,000 | R--D | C] -- C:\Users\user\Videos
[2010/07/11 11:34:52 | 000,000,000 | R--D | C] -- C:\Users\user\Saved Games
[2010/07/11 11:34:52 | 000,000,000 | R--D | C] -- C:\Users\user\Pictures
[2010/07/11 11:34:52 | 000,000,000 | R--D | C] -- C:\Users\user\Music
[2010/07/11 11:34:52 | 000,000,000 | R--D | C] -- C:\Users\user\Links
[2010/07/11 11:34:52 | 000,000,000 | R--D | C] -- C:\Users\user\Favorites
[2010/07/11 11:34:52 | 000,000,000 | R--D | C] -- C:\Users\user\Downloads
[2010/07/11 11:34:52 | 000,000,000 | R--D | C] -- C:\Users\user\Documents
[2010/07/11 11:34:52 | 000,000,000 | R--D | C] -- C:\Users\user\Desktop
[2010/07/11 11:34:52 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\Temporary Internet Files
[2010/07/11 11:34:52 | 000,000,000 | -HSD | C] -- C:\Users\user\Templates
[2010/07/11 11:34:52 | 000,000,000 | -HSD | C] -- C:\Users\user\Start Menu
[2010/07/11 11:34:52 | 000,000,000 | -HSD | C] -- C:\Users\user\SendTo
[2010/07/11 11:34:52 | 000,000,000 | -HSD | C] -- C:\Users\user\Recent
[2010/07/11 11:34:52 | 000,000,000 | -HSD | C] -- C:\Users\user\PrintHood
[2010/07/11 11:34:52 | 000,000,000 | -HSD | C] -- C:\Users\user\NetHood
[2010/07/11 11:34:52 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Videos
[2010/07/11 11:34:52 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Pictures
[2010/07/11 11:34:52 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Music
[2010/07/11 11:34:52 | 000,000,000 | -HSD | C] -- C:\Users\user\My Documents
[2010/07/11 11:34:52 | 000,000,000 | -HSD | C] -- C:\Users\user\Local Settings
[2010/07/11 11:34:52 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\History
[2010/07/11 11:34:52 | 000,000,000 | -HSD | C] -- C:\Users\user\Cookies
[2010/07/11 11:34:52 | 000,000,000 | -HSD | C] -- C:\Users\user\Application Data
[2010/07/11 11:34:52 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\Application Data
[2010/07/11 11:34:52 | 000,000,000 | -H-D | C] -- C:\Users\user\AppData
[2010/07/11 11:34:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Temp
[2010/07/11 11:34:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Microsoft
[2010/07/11 11:34:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Media Center Programs

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/07/17 21:49:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/17 21:49:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/17 21:49:39 | 1552,306,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/17 21:49:06 | 005,479,996 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.dat
[2010/07/17 21:49:06 | 000,057,276 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.idx
[2010/07/17 21:49:06 | 000,000,060 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.idx
[2010/07/17 21:49:06 | 000,000,060 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.dat
[2010/07/17 21:48:55 | 001,572,864 | -HS- | M] () -- C:\Users\user\ntuser.dat
[2010/07/17 21:48:52 | 006,291,456 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db
[2010/07/17 20:07:06 | 000,867,892 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2010/07/17 20:06:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2010/07/17 20:04:10 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/17 20:04:10 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/17 20:01:40 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/17 20:01:40 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/17 20:01:40 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/17 20:00:07 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/17 19:54:37 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.46.exe
[2010/07/17 19:42:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\TFC.exe
[2010/07/17 18:20:15 | 000,001,013 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/07/17 17:51:56 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/07/17 17:51:56 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/07/17 17:41:10 | 000,741,806 | ---- | M] () -- C:\Windows\Condition Zero Uninstaller.exe
[2010/07/17 17:07:16 | 000,158,936 | ---- | M] () -- C:\Users\user\Documents\error.jpg
[2010/07/17 16:35:49 | 000,001,133 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2010/07/17 16:22:36 | 000,222,736 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/07/17 16:17:50 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{ab808b15-9177-11df-911c-70f3952743e9}.TMContainer00000000000000000002.regtrans-ms
[2010/07/17 16:17:50 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{ab808b15-9177-11df-911c-70f3952743e9}.TMContainer00000000000000000001.regtrans-ms
[2010/07/17 16:17:50 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{ab808b15-9177-11df-911c-70f3952743e9}.TM.blf
[2010/07/17 15:50:46 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{4921c862-9175-11df-b4ea-70f3952743e9}.TMContainer00000000000000000002.regtrans-ms
[2010/07/17 15:50:46 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{4921c862-9175-11df-b4ea-70f3952743e9}.TMContainer00000000000000000001.regtrans-ms
[2010/07/17 15:50:46 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{4921c862-9175-11df-b4ea-70f3952743e9}.TM.blf
[2010/07/17 15:49:21 | 000,118,312 | ---- | M] () -- C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/17 14:56:21 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{09071b08-9166-11df-8d16-70f3952743e9}.TMContainer00000000000000000002.regtrans-ms
[2010/07/17 14:56:21 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{09071b08-9166-11df-8d16-70f3952743e9}.TMContainer00000000000000000001.regtrans-ms
[2010/07/17 14:56:20 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{09071b08-9166-11df-8d16-70f3952743e9}.TM.blf
[2010/07/17 14:37:46 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{3c46485a-9164-11df-af90-70f3952743e9}.TMContainer00000000000000000002.regtrans-ms
[2010/07/17 14:37:46 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{3c46485a-9164-11df-af90-70f3952743e9}.TMContainer00000000000000000001.regtrans-ms
[2010/07/17 14:37:46 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{3c46485a-9164-11df-af90-70f3952743e9}.TM.blf
[2010/07/17 13:37:24 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{2934d982-9162-11df-aa76-70f3952743e9}.TMContainer00000000000000000002.regtrans-ms
[2010/07/17 13:37:24 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{2934d982-9162-11df-aa76-70f3952743e9}.TMContainer00000000000000000001.regtrans-ms
[2010/07/17 13:37:24 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{2934d982-9162-11df-aa76-70f3952743e9}.TM.blf
[2010/07/17 12:40:25 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{38a70166-9156-11df-9fd0-70f3952743e9}.TMContainer00000000000000000002.regtrans-ms
[2010/07/17 12:40:25 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{38a70166-9156-11df-9fd0-70f3952743e9}.TMContainer00000000000000000001.regtrans-ms
[2010/07/17 12:40:25 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{38a70166-9156-11df-9fd0-70f3952743e9}.TM.blf
[2010/07/14 10:01:52 | 000,007,601 | ---- | M] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2010/07/12 10:34:28 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/07/12 10:34:28 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/07/12 08:20:58 | 000,446,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/12 01:32:25 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010/07/12 01:31:31 | 000,000,162 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/07/12 00:59:03 | 000,001,161 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/07/11 17:19:28 | 000,001,963 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/11 17:11:17 | 000,001,437 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/11 11:50:07 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/11 11:50:07 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/11 11:50:07 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/11 11:34:52 | 000,000,020 | -HS- | M] () -- C:\Users\user\ntuser.ini
[2010/07/01 10:18:32 | 001,425,816 | ---- | M] () -- C:\Windows\SysWow64\OfficeTabFunction.dll
[2010/06/30 14:27:46 | 000,041,368 | ---- | M] (Detong Technology Ltd) -- C:\Windows\SysWow64\OTB_Loader.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/07/17 20:10:33 | 000,867,892 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2010/07/17 20:00:07 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/17 18:20:15 | 000,001,013 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/07/17 17:41:10 | 000,741,806 | ---- | C] () -- C:\Windows\Condition Zero Uninstaller.exe
[2010/07/17 17:07:16 | 000,158,936 | ---- | C] () -- C:\Users\user\Documents\error.jpg
[2010/07/17 16:35:49 | 000,001,133 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2010/07/17 16:23:17 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/07/17 16:23:17 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/07/17 16:22:41 | 005,479,996 | -HS- | C] () -- C:\Windows\SysNative\drivers\fidbox.dat
[2010/07/17 16:22:41 | 000,057,276 | -HS- | C] () -- C:\Windows\SysNative\drivers\fidbox.idx
[2010/07/17 16:22:41 | 000,000,060 | -HS- | C] () -- C:\Windows\SysNative\drivers\fidbox2.idx
[2010/07/17 16:22:41 | 000,000,060 | -HS- | C] () -- C:\Windows\SysNative\drivers\fidbox2.dat
[2010/07/17 16:08:58 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{ab808b15-9177-11df-911c-70f3952743e9}.TMContainer00000000000000000002.regtrans-ms
[2010/07/17 16:08:58 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{ab808b15-9177-11df-911c-70f3952743e9}.TMContainer00000000000000000001.regtrans-ms
[2010/07/17 16:08:58 | 000,065,536 | -HS- | C] () -- C:\Users\user\ntuser.dat{ab808b15-9177-11df-911c-70f3952743e9}.TM.blf
[2010/07/17 15:48:46 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{4921c862-9175-11df-b4ea-70f3952743e9}.TMContainer00000000000000000002.regtrans-ms
[2010/07/17 15:48:46 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{4921c862-9175-11df-b4ea-70f3952743e9}.TMContainer00000000000000000001.regtrans-ms
[2010/07/17 15:48:46 | 000,065,536 | -HS- | C] () -- C:\Users\user\ntuser.dat{4921c862-9175-11df-b4ea-70f3952743e9}.TM.blf
[2010/07/17 14:56:21 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{09071b08-9166-11df-8d16-70f3952743e9}.TMContainer00000000000000000002.regtrans-ms
[2010/07/17 14:56:21 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{09071b08-9166-11df-8d16-70f3952743e9}.TMContainer00000000000000000001.regtrans-ms
[2010/07/17 14:56:20 | 000,065,536 | -HS- | C] () -- C:\Users\user\ntuser.dat{09071b08-9166-11df-8d16-70f3952743e9}.TM.blf
[2010/07/17 13:42:36 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{3c46485a-9164-11df-af90-70f3952743e9}.TMContainer00000000000000000002.regtrans-ms
[2010/07/17 13:42:36 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{3c46485a-9164-11df-af90-70f3952743e9}.TMContainer00000000000000000001.regtrans-ms
[2010/07/17 13:42:36 | 000,065,536 | -HS- | C] () -- C:\Users\user\ntuser.dat{3c46485a-9164-11df-af90-70f3952743e9}.TM.blf
[2010/07/17 13:30:05 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{2934d982-9162-11df-aa76-70f3952743e9}.TMContainer00000000000000000002.regtrans-ms
[2010/07/17 13:30:05 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{2934d982-9162-11df-aa76-70f3952743e9}.TMContainer00000000000000000001.regtrans-ms
[2010/07/17 13:30:05 | 000,065,536 | -HS- | C] () -- C:\Users\user\ntuser.dat{2934d982-9162-11df-aa76-70f3952743e9}.TM.blf
[2010/07/17 12:17:19 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{38a70166-9156-11df-9fd0-70f3952743e9}.TMContainer00000000000000000002.regtrans-ms
[2010/07/17 12:17:19 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{38a70166-9156-11df-9fd0-70f3952743e9}.TMContainer00000000000000000001.regtrans-ms
[2010/07/17 12:17:19 | 000,065,536 | -HS- | C] () -- C:\Users\user\ntuser.dat{38a70166-9156-11df-9fd0-70f3952743e9}.TM.blf
[2010/07/14 10:01:52 | 000,007,601 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2010/07/13 18:14:15 | 001,425,816 | ---- | C] () -- C:\Windows\SysWow64\OfficeTabFunction.dll
[2010/07/13 18:14:15 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ArmAccess.dll
[2010/07/12 02:35:11 | 000,003,498 | ---- | C] () -- C:\Users\user\BykiDownloader.log
[2010/07/12 01:31:31 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/07/12 00:59:03 | 000,001,161 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/07/11 17:19:28 | 000,001,963 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/11 17:11:17 | 000,001,437 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/11 11:38:58 | 000,000,187 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/07/11 11:34:52 | 001,572,864 | -HS- | C] () -- C:\Users\user\ntuser.dat
[2010/07/11 11:34:52 | 000,524,288 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/11 11:34:52 | 000,524,288 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/11 11:34:52 | 000,262,144 | -HS- | C] () -- C:\Users\user\ntuser.dat.LOG1
[2010/07/11 11:34:52 | 000,065,536 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/11 11:34:52 | 000,000,290 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/07/11 11:34:52 | 000,000,272 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/11 11:34:52 | 000,000,020 | -HS- | C] () -- C:\Users\user\ntuser.ini
[2010/07/11 11:34:52 | 000,000,000 | -HS- | C] () -- C:\Users\user\ntuser.dat.LOG2
[2010/05/23 16:15:26 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/05/23 16:15:26 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009/09/30 06:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:58A5270D
OTL Extras logfile created on: 7/17/2010 9:51:37 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226.26 Gb Total Space | 186.95 Gb Free Space | 82.62% Space Free | Partition Type: NTFS
Drive D: | 14.14 Gb Total Space | 2.41 Gb Free Space | 17.07% Space Free | Partition Type: NTFS
Drive E: | 225.16 Gb Total Space | 211.05 Gb Free Space | 93.73% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.76 Gb Total Space | 373.84 Gb Free Space | 80.26% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane
reply to zozoy
Computer Name: USER-PC
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D401E5-E23D-4372-8F9E-764963B19483}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{22EDD583-C27F-9B85-E7CA-0678B4866BA6}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{75F299F3-8234-47CD-BB40-2994C1B1105E}" = Microsoft Visual Studio 2005 64bit Prerequisites (x64) - ENU
"{773BF642-823B-42D4-15B5-8B72AFF68ABC}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Broadcom 2070 Bluetooth 2.1 + EDR
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"7E38E30BB92ED94B21CF062A7386554CBA991FEB" = Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414)
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02F6BBC5-6E66-23C3-FF91-4DB6ED05A8D7}" = CCC Help Spanish
"{041AAC9C-A13B-DFA0-9776-87AF83B35596}" = Catalyst Control Center Localization All
"{05DDE7AC-BD3E-2D31-E759-487F86528CE0}" = CCC Help Japanese
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{097D8B89-37B7-C529-F6EE-23025394D13B}" = CCC Help Turkish
"{099BCC47-AB4B-35B5-5572-39523A66BD4D}" = CCC Help Russian
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2186231D-3BAC-6F60-B4E6-11C1CC46621A}" = Catalyst Control Center Graphics Light
"{223E2363-6643-49CB-A062-59A9858EE8EE}" = HP Software Framework
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017F0}" = Java(TM) 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{31BF7747-C976-A11B-8281-4A2481674AC6}" = CCC Help Italian
"{34D46E43-EC21-A880-5A1D-29B0D0680783}" = CCC Help Danish
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B36462F-3B19-6682-4F1B-DD2D4C63E4B5}" = CCC Help Greek
"{4C1E491F-2EA0-2420-0BF1-AC4F66250FAF}" = ccc-core-static
"{514E8F2C-DFB0-D273-CC83-FFEFAE1C7E68}" = CCC Help Portuguese
"{51A94076-3F07-CFCB-4EA2-CC289A8B1D2A}" = Catalyst Control Center InstallProxy
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5D830788-9081-8734-B37E-7163AFB7926E}" = Catalyst Control Center Graphics Previews Vista
"{60FA1132-0486-41F9-B747-6D308C284D1C}" = Catalyst Control Center - Branding
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85EAFAD8-9FDB-4343-82CE-29674C1AC6E1}" = SoftStylus
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EE7B3A0-9F9E-6D28-A52C-E3B99C88BE0A}" = Catalyst Control Center Graphics Previews Common
"{8F023021-A7EB-45D3-9269-D65264C81729}" = Kaspersky Anti-Virus 8.0 for Windows Workstations Beta
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{93BFBEE9-CBAA-5E64-9D60-C93C2E2F1F08}" = CCC Help Thai
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{977B6129-172E-33EC-E3E2-0E9180E7C07C}" = Catalyst Control Center Graphics Full New
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99969E7A-57A4-C38A-41B3-C77DD606FD2C}" = Catalyst Control Center Core Implementation
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B258C3C9-3B1C-D278-4793-B916529BC50B}" = Catalyst Control Center Graphics Full Existing
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6096DD1-5BD4-F04B-73F9-F270F7F126F8}" = CCC Help Chinese Standard
"{C83A8605-6A9D-B9BC-A0F8-144B321D50C1}" = CCC Help Dutch
"{C8B8FE5A-EA84-82C0-FB0D-BF13EED3F0D9}" = CCC Help French
"{C8E0D21E-6653-6FF0-D5FA-6DD840A1395A}" = CCC Help Korean
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBCFFBA2-DDCB-8B49-90CC-90C604CDC726}" = CCC Help Czech
"{CC028B89-B82A-63E2-1FDC-EA85AAE520F7}" = CCC Help Chinese Traditional
"{D407F7C0-579E-4CCB-91FD-855CE5084E86}" = Microsoft Visual Studio 2005 Standard Edition - ENU
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7A05709-8282-E331-3968-AC2E940F3DAF}" = CCC Help Hungarian
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DE469D65-1DEB-4058-BF95-C642D733668D}_is1" = Office Tab 5.20
"{E25F2A09-8266-4A73-9246-1F5EAA5E3BB4}" = HP User Guides 0179
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED539483-9ED9-926E-5C41-17EF30AFC145}" = CCC Help Finnish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED8B5B56-636A-BB5F-48D7-ECEFEAE7A63E}" = CCC Help Norwegian
"{EEDDAB97-EBBA-15F2-93C6-F712225BE387}" = CCC Help English
"{F087C5AD-DC1F-5F18-05EF-1BD0B66726CE}" = CCC Help German
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6C8234C-2E32-B184-8707-5EF3AAB90121}" = CCC Help Swedish
"{FB39772F-1521-4D5F-94E1-D3819DBF3B8A}" = CCC Help Polish
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"Access" = Microsoft Office Access 2007
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Byki Express" = Byki Express
"CCleaner" = CCleaner
"Condition Zero" = Condition Zero
"EXCEL" = Microsoft Office Excel 2007
"GOM Player" = GOM Player
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallWIX_{8F023021-A7EB-45D3-9269-D65264C81729}" = Kaspersky Anti-Virus 8.0 for Windows Workstations Beta
"Internet Download Manager" = Internet Download Manager
"Korean HakGyo_is1" = Korean HakGyo version 2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Standard Edition - ENU" = Microsoft Visual Studio 2005 Standard Edition - ENU
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"My HP Game Console" = HP Game Console
"POWERPOINT" = Microsoft Office PowerPoint 2007
"PRJPRO" = Microsoft Office Project Professional 2007
"PROHYBRIDR" = 2007 Microsoft Office system
"PUBLISHER" = Microsoft Office Publisher 2007
"ReadWrite Korean_is1" = ReadWrite Korean version 2.3
"RocketDock_is1" = RocketDock 1.3.5
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.0
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082439" = Bus Driver
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082463" = Zuma's Revenge
"WT083484" = Escape Rosecliff Island
"WT083492" = Agatha Christie - Death on the Nile
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2010 11:24:56 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hl.exe, version: 1.1.1.1, time stamp: 0x3fd11900
Faulting
module name: GameUI.dll, version: 0.0.0.0, time stamp: 0x40bd3900 Exception code:
0xc0000005 Fault offset: 0x00025969 Faulting process id: 0xf74 Faulting application
start time: 0x01cb236604dc912f Faulting application path: E:\Document\Condition
Zero\hl.exe Faulting module path: e:\document\condition zero\valve\cl_dlls\GameUI.dll
Report
Id: f4a0a074-8f5b-11df-bdb7-70f3952743e9

Error - 7/15/2010 1:05:39 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/15/2010 1:07:46 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 7/15/2010 1:08:37 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/15/2010 1:08:41 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\user\documents\downloads\Programs\SoftonicDownloader28009.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error - 7/15/2010 1:09:02 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/15/2010 1:09:08 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/15/2010 1:09:19 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/15/2010 8:17:21 AM | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7600.16415 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ae0 Start
Time: 01cb24179b1b1d13 Termination Time: 7 Application Path: C:\Program Files (x86)\Windows
Media Player\wmplayer.exe Report Id: e8f4461e-900a-11df-97ac-70f3952743e9

Error - 7/16/2010 2:35:24 AM | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = The program utorrent.exe version 2.0.2.19648 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1348 Start
Time: 01cb24b0eb594923 Termination Time: 7 Application Path: C:\Users\user\Documents\Downloads\Programs\utorrent.exe

Report
Id: 4e1f329e-90a4-11df-a05b-70f3952743e9

[ System Events ]
Error - 7/17/2010 4:50:20 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/17/2010 4:50:23 AM | Computer Name = user-PC | Source = DCOM | ID = 10005
Description =

Error - 7/17/2010 4:50:23 AM | Computer Name = user-PC | Source = DCOM | ID = 10005
Description =

Error - 7/17/2010 4:50:25 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/17/2010 4:50:25 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/17/2010 4:50:25 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/17/2010 4:50:25 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/17/2010 4:50:25 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/17/2010 4:50:25 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/17/2010 7:54:45 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7034
Description = The LightScribeService Direct Disc Labeling Service service terminated
unexpectedly. It has done this 1 time(s).
Results of screen317's Security Check version 0.99.4
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
Kaspersky Anti-Virus 8.0 for Windows Workstations Beta
WMI entry may not exist for antivirus; attempting automatic update.
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane
reply to zozoy
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 17
Java(TM) 6 Update 20
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader 9.1 MUI
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.6)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Kaspersky Lab Kaspersky Anti-Virus 8.0 for Windows Workstations avp.exe
ESET ESET Online Scanner OnlineScannerApp.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
````````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1135a5dd2c4116489c83bcd351fc9749
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-17 04:11:01
# local_time=2010-07-18 12:11:01 (+0800, Malay Peninsula Standard Time)
# country="Malaysia"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 19829 31006159 0 0
# compatibility_mode=8192 67108863 100 0 1158 1158 0 0
# scanned=195147
# found=0
# cleaned=0
# scan_time=6752
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
reply to zozoy
Please run MBAM again, and this time remove the items it found. Post the new log in this thread.

The pertinent portion of the MBAM instructions in our FAQ follows:

• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2010
Gladiator Security Forum