# Virus:Win32/Alureon.H



## Staminize (May 25, 2010)

hi there, ive recently found the Alureon.H virus on my computer during a Microsoft Security Essentials scan. MSE initially disinfected it but after rebooting to complete the clean i rescanned and discovered it had come back. while searching for answers on the net ive found that you have resolved this issue for people in the past, and am hoping you can help me to do the same.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:36:11 PM, on 5/24/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Norton\NUA.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\AirNCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Hkewawosaf] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\ogogovitogo.dll",Startup
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Xtreme N Dual Band DWA-160] C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\AirNCFG.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Jkoxiwitatuxofum] rundll32.exe "C:\Users\Kieren\AppData\Local\preciz.dll",Startup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Jkoxiwitatuxofum] rundll32.exe "C:\Users\Kieren\AppData\Local\preciz.dll",Startup (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe
O23 - Service: Diagnostic Policy Service DPSplaEMDMgmt (DPSplaEMDMgmt) - Unknown owner - C:\Windows\system32\aelupsvcu.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\JSWUtilVst\jswpsapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Performance Logs & Alerts plaEMDMgmt (plaEMDMgmt) - Unknown owner - C:\Windows\system32\ActiveContentWizardp.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Software Licensing slsvcWMPNetworkSvc (slsvcWMPNetworkSvc) - Unknown owner - C:\Windows\system32\ANIWZCS{28CBF4FB-3C8C-4DB7-AAA8-10F553AF6387}m.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Portable Device Enumerator Service WPDBusEnum Notice Service (WPDBusEnum Notice Service) - Unknown owner - C:\Windows\system32\algw.exe (file missing)
O23 - Service: Windows Driver Foundation - User-mode Driver Framework wudfsvcISPwdSvc (wudfsvcISPwdSvc) - Unknown owner - C:\Windows\system32\acluiw.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11441 bytes

Iam new to HijackThis so i apologize if i have posted wrong, thanks for your time!


----------



## Staminize (May 25, 2010)

Forgot to mention the item name is rootkit:Alureon->tdx


----------



## SweetTech (Jan 1, 1970)

My name is *SweetTech.* I would be glad to take a look at your log and help you with solving any malware problems. I'd be grateful if you would note the following:


Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be *patient* while I analyze any logs you post.
Please make sure to *carefully read* any instruction that I give you.
Reading too lightly will cause you to miss important steps, which could have *destructive* effects.
*If you're not sure, or if something unexpected happens, do NOT continue!* Stop and ask!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
*Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!*
If I instruct you to download a specific tool in which you already have, _please delete the copy that you have and re-download the tool._ The reason I ask you to do this is because these tools are updated fairly regularly.
*In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!*
Please do _*not use*_ the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this *together  
Because of this, you must reply within three days* failure to reply will result in the topic being *closed!*
*Please do not PM me directly for help.* If you have any questions, post them in this topic. *The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days)* and you need an explanation. If that's the case, just send me a message on here. 
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. 
_Don't worry_, this only happens in severe cases, but it sadly does happen. *Be prepared to back up your data. Have means of backing up your data available.*

____________________________________________________

*OTL Custom Scan*


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Check the boxes beside *LOP Check* and *Purity Check*.
Under Custom Scan paste this in
*
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /180
*​
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.


*NEXT:*

*Scanning with GMER*

Please download *GMER* from one of the following locations and save it to your desktop:

Main Mirror
_This version will download a randomly named file (Recommended)_
Zipped Mirror
_This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop._


Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the *randomly named* GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
_Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe._










GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. _(do not use the computer while the scan is in progress)_
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click *NO*.
Now click the *Scan* button. If you see a rootkit warning window, click OK.
When the scan is finished, click the *Save...* button to save the scan results to your Desktop. Save the file as *gmer.log*.
Click the *Copy* button and paste the results into your next reply.
Exit GMER and be sure to *re-enable* your anti-virus, Firewall and any other security programs you had disabled.
_-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, *uncheck* Devices on the right side before scanning_.

*NEXT:*

*Please make sure you include the following items in your next post:*
*1.* Any comments or questions you may have that you'd like for me to answer in my next post to you.
*2.* The logs that were produced after running the OTL scans. _(OTL.txt & Extras.txt)_
*3.* The log that was produced after running GMER
*4.* An update on how your computer is currently running.​*It would be helpful if you could answer each question in the order asked, as well as numbering your answers.*


----------



## Staminize (May 25, 2010)

Hi SweetTech, thanks for helping.

ive ran OTS and have the logs ready, and have downloaded GMER however i didnt run the program because i have Norton Internet Security (which i dont even want, just cant get rid of it) and its Auto-Protect feature is stuck "ON". It lets me select the turn off feature and choose a duration period, but will always remain on afterwards.

As for trying to get rid of it, ive gone to Uninstall Programs and attempted to remove it but it always says failed to install at the beginning of the uninstall loading bar and the uninstall wizard freezes up. what do you recommend i do?


----------



## SweetTech (Jan 1, 1970)

Hello,

Lets see if we can get rid of Norton.

*Remove Norton Tool*

*ONLY* if you don't have an active subscription, use below link to uninstall Norton.

Please click  HERE and follow the instructions to download and run the Norton Removal Tool for your own version.

*It is strongly recommended that you run only one anti-virus program at a time. Having more than one anti-virus program active in memory uses additional resources and can result in program conflicts and false virus alerts.*

If the above fails to remove it then use this tool below:

*RevoUninstaller*
Download and install Revo Uninstaller


Double click the *Revo Uninstaller* icon on your desktop to start the program
Scroll through the listed programs and *Right Click* on the program you wish to uninstall
From the pop out menu choose *Uninstall*
Click *Yes* to the confirmation dialogue
In the next window select the *Advanced mode*
Click *Next* to start uninstalling the program
Answer *Yes* to confirm the uninstall
When the program has completed the four steps, click *Next* to allow the program to search for leftovers
Once complete, click *Next,* then *Finish*
Repeat the above steps for any other programs you wish to remove.


----------



## Staminize (May 25, 2010)

Norton is finally gone, thanks!

Shortly after i hit Scan on GMER my screen went haywire for a second then loaded a blue screen saying windows had encountered an error and was shutting down to prevent damage. I have turned it back on and am logged in again, how do i get this scan done?


----------



## SweetTech (Jan 1, 1970)

Try running it in Safe Mode.

*Entering Safe Mode*


*Restart your computer.*
As the computer starts to boot-up, Tap the *F8 KEY* repeatedly,
This will bring up a *menu.*
Use the *Up and Down Arrow Keys* to scroll to *Safe Mode*
Then press the *Enter Key* on your Keyboard 
Go into your usual account


----------



## Staminize (May 25, 2010)

I tried the scan in safe mode and it appeared to want to scan this time, but after 17 lines were logged it said the program had stopped working. the item it was currently scanning i believe was \Device\HarddiskVolumeShadow something (the frozen sign blocked the rest)


----------



## SweetTech (Jan 1, 1970)

Please post the OTL logs.


----------



## Staminize (May 25, 2010)

*OTL Log:*

OTL logfile created on: 5/25/2010 6:45:24 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Kieren\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.76 Gb Total Space | 286.96 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
Drive D: | 9.00 Gb Total Space | 1.23 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
Drive E: | 46.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIERENSPC
Current User Name: Kieren
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Kieren\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\AirNCFG.exe (D-Link)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe ()
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Windows\System32\dlbccoms.exe ( )
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Kieren\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\config\systemprofile\AppData\Local\ogogovitogo.dll ()
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (wudfsvcISPwdSvc) -- File not found
SRV - (WPDBusEnum Notice Service) -- File not found
SRV - (slsvcWMPNetworkSvc) -- File not found
SRV - (plaEMDMgmt) -- File not found
SRV - (Bonjour Service) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (jswpsapi) -- C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\JSWUtilVst\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (dlbc_device) -- C:\Windows\System32\dlbccoms.exe ( )
SRV - (ISPwdSvc) -- c:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Ex) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (DPSplaEMDMgmt) -- C:\Windows\System32\aelupsvcu.exe ()

========== Driver Services (SafeList) ==========

DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (arusb_lh) -- C:\Windows\System32\drivers\arusb_lh.sys (Atheros Communications, Inc.)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080227.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (MCSTRM) -- C:\Windows\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\Windows\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (A5AGU) -- C:\Windows\System32\drivers\A5AGU.sys (D-Link Corporation)
DRV - (FTD2XX) -- C:\Windows\System32\drivers\FTD2XX.sys (FTDI Ltd.)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{108BED12-7760-4D58-95D2-928B56A5447E}: C:\Users\Kieren\AppData\Local\{108BED12-7760-4D58-95D2-928B56A5447E} [2010/04/15 09:42:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{CAAD0FE5-6EB3-45D8-B9F1-866FAEBACB14}: C:\Windows\system32\config\systemprofile\AppData\Local\{CAAD0FE5-6EB3-45D8-B9F1-866FAEBACB14}\ [2010/05/24 02:17:09 | 000,000,000 | ---D | M]

[2009/02/03 19:57:48 | 000,000,000 | ---D | M] -- C:\Users\Kieren\AppData\Roaming\Mozilla\Extensions
[2009/02/03 19:57:48 | 000,000,000 | ---D | M] -- C:\Users\Kieren\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [D-Link D-Link Xtreme N Dual Band DWA-160] C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [Hkewawosaf] C:\Windows\System32\config\systemprofile\AppData\Local\ogogovitogo.DLL ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kieren\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Kieren\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/11 18:23:24 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/07/21 04:43:44 | 000,000,049 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6c9e860c-87c4-11dc-b91b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6c9e860c-87c4-11dc-b91b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\DWA160.exe -- [2008/07/23 21:08:52 | 000,132,352 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 05:18:47 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/05/25 18:38:47 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Kieren\Desktop\OTL.exe
[2010/05/24 22:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/24 22:24:46 | 000,692,224 | ---- | C] (Wireless Service) -- C:\Windows\System32\ANIWZCS2.dll
[2010/05/24 22:24:46 | 000,262,144 | ---- | C] (Wireless Service) -- C:\Windows\System32\wnicapi.dll
[2010/05/24 22:24:46 | 000,204,800 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\aIPH.dll
[2010/05/24 22:24:46 | 000,049,152 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\AQCKGen.dll
[2010/05/24 22:24:46 | 000,045,115 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANICtl.dll
[2010/05/24 22:24:45 | 001,327,189 | ---- | C] (Funk Software, Inc.) -- C:\Windows\System32\odSupp_M.dll
[2010/05/24 22:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\ANI
[2010/05/24 22:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link
[2010/05/24 22:23:51 | 000,000,000 | ---D | C] -- C:\Users\Kieren\AppData\Roaming\InstallShield
[2010/05/24 19:39:01 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ceguxane.sys
[2010/05/24 16:49:28 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\yrmndbyh.sys
[2010/05/24 12:13:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/05/24 05:26:22 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/05/24 05:26:21 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/05/24 05:26:21 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/05/24 05:26:20 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/05/24 05:26:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/05/24 05:26:20 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/05/24 05:26:20 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/05/24 05:26:20 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/05/24 05:26:19 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/05/24 05:26:19 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/05/24 05:26:19 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/05/24 05:26:19 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/05/24 05:26:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/05/24 05:26:19 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/05/24 05:26:19 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/05/24 05:26:19 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/05/24 05:26:19 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/05/24 05:26:19 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/05/24 05:26:19 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/05/24 05:26:18 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/05/24 05:26:18 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/05/24 05:26:18 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/05/24 05:26:07 | 003,504,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/05/24 05:26:07 | 003,470,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/05/24 05:26:03 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/05/24 05:25:53 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/05/24 05:25:53 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/05/24 05:24:56 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/05/24 05:24:56 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/05/24 04:43:34 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tzvihvbc.sys
[2010/05/24 04:10:03 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\jzhtehny.sys
[2010/05/24 02:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/05/24 02:28:19 | 007,249,512 | ---- | C] (Microsoft Corporation) -- C:\Users\Kieren\Documents\mssefullinstall-x86fre-en-us-vista-win7.exe
[2010/05/11 21:16:48 | 000,000,000 | ---D | C] -- C:\Users\Kieren\AppData\Roaming\LolClient
[2010/04/30 10:01:38 | 000,000,000 | ---D | C] -- C:\Users\Kieren\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/04/30 09:44:21 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010/04/30 09:44:20 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010/04/30 09:44:20 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010/04/30 09:44:20 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010/04/30 09:44:20 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010/04/30 09:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/30 09:40:49 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010/04/29 22:21:02 | 000,000,000 | ---D | C] -- C:\Users\Kieren\AppData\Local\PMB Files
[2010/04/29 22:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/04/29 22:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2007/02/02 08:06:34 | 000,483,328 | ---- | C] ( ) -- C:\Windows\System32\dlbcjswr.dll
[2007/02/02 07:55:30 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbccu.dll
[2006/12/20 19:08:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbcpmui.dll
[2006/12/20 19:06:58 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbcserv.dll
[2006/12/20 19:01:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbccomm.dll
[2006/12/20 18:59:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbclmpm.dll
[2006/12/20 18:58:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbciesc.dll
[2006/12/20 18:55:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbcpplc.dll
[2006/12/20 18:54:54 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbccomc.dll
[2006/12/20 18:54:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbcprox.dll
[2006/12/20 18:47:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbcinpa.dll
[2006/12/20 18:46:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlbcusb1.dll
[2006/12/20 18:42:36 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbchbn3.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/25 18:44:10 | 002,359,296 | -HS- | M] () -- C:\Users\Kieren\ntuser.dat
[2010/05/25 18:38:50 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Kieren\Desktop\OTL.exe
[2010/05/25 18:30:12 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/25 18:30:12 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/25 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2010/05/25 17:02:48 | 000,000,120 | ---- | M] () -- C:\Users\Kieren\AppData\Local\Wfevun.dat
[2010/05/25 17:01:00 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Program Check.job
[2010/05/25 16:21:04 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1EF0E0D0-18BD-4006-B096-0041EB64F3F2}.job
[2010/05/25 16:12:27 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Startup.job
[2010/05/25 16:06:32 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{A61DA732-8105-47D8-A7C7-EC1E20B26F2C}
[2010/05/25 10:37:22 | 000,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/25 10:37:22 | 000,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/25 10:37:22 | 000,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/25 10:31:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/05/25 10:31:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/05/25 10:30:46 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/05/25 10:30:45 | 000,000,007 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{A61DA732-8105-47D8-A7C7-EC1E20B26F2C}
[2010/05/25 10:30:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/25 10:30:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/25 10:30:04 | 3219,628,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/25 02:10:44 | 002,520,925 | -H-- | M] () -- C:\Users\Kieren\AppData\Local\IconCache.db
[2010/05/25 01:00:47 | 000,000,000 | ---- | M] () -- C:\Users\Kieren\AppData\Local\Fgohobogiseyit.bin
[2010/05/24 23:21:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/05/24 23:21:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/05/24 22:34:01 | 000,001,950 | ---- | M] () -- C:\Users\Kieren\Desktop\HiJackThis.lnk
[2010/05/24 22:33:45 | 001,402,880 | ---- | M] () -- C:\Users\Kieren\Documents\HiJackThis.msi
[2010/05/24 22:30:18 | 000,060,928 | ---- | M] () -- C:\Users\Kieren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/24 22:24:34 | 000,001,671 | ---- | M] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2010/05/24 22:21:20 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{17A275E0-A2A4-420C-8B11-5BC9491A683E}
[2010/05/24 22:20:46 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\SpeedyPC.lnk
[2010/05/24 22:14:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/05/24 22:14:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/05/24 22:14:02 | 000,000,007 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{17A275E0-A2A4-420C-8B11-5BC9491A683E}
[2010/05/24 20:25:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/05/24 20:25:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/05/24 20:17:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/05/24 20:17:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/05/24 20:17:15 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{28CBF4FB-3C8C-4DB7-AAA8-10F553AF6387}
[2010/05/24 20:17:04 | 000,000,007 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{28CBF4FB-3C8C-4DB7-AAA8-10F553AF6387}
[2010/05/24 20:08:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/05/24 20:08:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/05/24 19:39:01 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ceguxane.sys
[2010/05/24 18:12:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/05/24 18:12:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/05/24 16:49:28 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\yrmndbyh.sys
[2010/05/24 12:13:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/05/24 12:13:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/05/24 05:55:11 | 000,000,170 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/05/24 05:04:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/05/24 05:04:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/05/24 04:46:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/05/24 04:46:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/05/24 04:43:34 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tzvihvbc.sys
[2010/05/24 04:13:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/05/24 04:13:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/05/24 04:10:03 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\jzhtehny.sys
[2010/05/24 03:31:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/05/24 03:31:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/05/24 03:25:52 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Privacy Controls_{4A15AFF5-3239-11DF-BEE9-001BB9D97FE5}.job
[2010/05/24 02:28:40 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/05/24 02:28:26 | 007,249,512 | ---- | M] (Microsoft Corporation) -- C:\Users\Kieren\Documents\mssefullinstall-x86fre-en-us-vista-win7.exe
[2010/05/24 02:14:21 | 000,000,190 | --S- | M] () -- C:\Windows\System32\3078003147.dat
[2010/05/23 01:55:56 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2010/05/21 09:52:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/05/21 09:52:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/05/17 08:31:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/05/17 08:31:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/05/14 18:33:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/05/14 18:33:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/05/12 21:51:03 | 000,002,231 | ---- | M] () -- C:\Users\Kieren\Desktop\iTunes.lnk
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/11 00:27:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/05/11 00:27:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/05/09 17:27:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/05/09 17:27:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/05/06 13:11:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/05/06 13:11:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/05/05 12:24:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/05/05 12:24:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/05/03 23:54:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/05/03 23:54:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/04/30 09:44:21 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/04/29 22:18:14 | 002,180,280 | ---- | M] () -- C:\Users\Kieren\Documents\LeagueOfLegendsDownloader.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/24 22:34:01 | 000,001,950 | ---- | C] () -- C:\Users\Kieren\Desktop\HiJackThis.lnk
[2010/05/24 22:33:25 | 001,402,880 | ---- | C] () -- C:\Users\Kieren\Documents\HiJackThis.msi
[2010/05/24 22:27:58 | 000,003,284 | ---- | C] () -- C:\Windows\System32\ANIWZCS{A61DA732-8105-47D8-A7C7-EC1E20B26F2C}
[2010/05/24 22:25:09 | 000,000,007 | ---- | C] () -- C:\Windows\System32\ANIWZCSUSERNAME{A61DA732-8105-47D8-A7C7-EC1E20B26F2C}
[2010/05/24 22:24:46 | 000,262,144 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
[2010/05/24 22:24:45 | 000,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
[2010/05/24 22:24:34 | 000,001,671 | ---- | C] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2010/05/24 21:38:53 | 000,003,284 | ---- | C] () -- C:\Windows\System32\ANIWZCS{17A275E0-A2A4-420C-8B11-5BC9491A683E}
[2010/05/24 21:36:53 | 000,000,007 | ---- | C] () -- C:\Windows\System32\ANIWZCSUSERNAME{17A275E0-A2A4-420C-8B11-5BC9491A683E}
[2010/05/24 05:55:11 | 000,000,170 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/05/24 02:28:40 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/04/30 09:44:21 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/04/29 22:17:57 | 002,180,280 | ---- | C] () -- C:\Users\Kieren\Documents\LeagueOfLegendsDownloader.exe
[2009/05/21 22:38:43 | 000,847,360 | ---- | C] () -- C:\Windows\System32\JS32.dll
[2007/12/02 21:01:32 | 000,000,095 | ---- | C] () -- C:\Windows\dellstat.ini
[2007/09/11 18:01:43 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/09/11 18:01:43 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/07/19 09:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/02/02 08:06:10 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbccur.dll
[2007/02/02 07:55:10 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbcutil.dll
[2007/01/22 10:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbccoin.dll
[2006/12/14 00:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 00:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/12/01 14:43:08 | 000,000,089 | ---- | C] () -- C:\Windows\System32\FTD2XXUN.ini
[2005/10/05 15:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbcvs.dll
[2002/03/16 18:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000091.DLL

========== LOP Check ==========

[2007/12/17 02:05:29 | 000,000,000 | ---D | M] -- C:\Users\Kieren\AppData\Roaming\Acoustica
[2009/01/23 23:46:08 | 000,000,000 | ---D | M] -- C:\Users\Kieren\AppData\Roaming\Acreon
[2010/05/24 04:10:03 | 000,000,000 | ---D | M] -- C:\Users\Kieren\AppData\Roaming\Desktopicon
[2010/05/11 21:16:48 | 000,000,000 | ---D | M] -- C:\Users\Kieren\AppData\Roaming\LolClient
[2010/04/30 10:01:38 | 000,000,000 | ---D | M] -- C:\Users\Kieren\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2008/01/25 20:56:03 | 000,000,000 | ---D | M] -- C:\Users\Kieren\AppData\Roaming\MSNInstaller
[2010/03/17 20:52:30 | 000,000,000 | ---D | M] -- C:\Users\Kieren\AppData\Roaming\ParetoLogic
[2007/11/24 18:29:02 | 000,000,000 | ---D | M] -- C:\Users\Kieren\AppData\Roaming\Snapfish
[2009/10/26 18:10:39 | 000,000,000 | ---D | M] -- C:\Users\Kieren\AppData\Roaming\StealthBot
[2009/02/20 22:08:18 | 000,000,000 | ---D | M] -- C:\Users\Kieren\AppData\Roaming\Template
[2009/08/02 17:10:58 | 000,000,000 | ---D | M] -- C:\Users\Kieren\AppData\Roaming\Ulead Systems
[2007/12/02 21:12:24 | 000,000,000 | ---D | M] -- C:\Users\Kieren\AppData\Roaming\WildTangent
[2008/01/17 21:48:32 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2010/05/24 03:25:52 | 000,000,448 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Privacy Controls_{4A15AFF5-3239-11DF-BEE9-001BB9D97FE5}.job
[2010/05/25 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2010/05/23 01:55:56 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2010/05/25 02:10:59 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/25 17:01:00 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Program Check.job
[2010/05/25 16:12:27 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Startup.job
[2010/03/17 21:07:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC.job
[2010/05/25 16:21:04 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1EF0E0D0-18BD-4006-B096-0041EB64F3F2}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2008/12/01 16:12:22 | 000,000,865 | ---- | M] () -- C:\A2Output2.xml
[2008/12/01 16:12:22 | 000,000,865 | ---- | M] () -- C:\A2Output6.xml
[2007/09/11 18:23:24 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/05/04 16:09:11 | 000,000,259 | ---- | M] () -- C:\BnetLog.txt
[2006/11/02 03:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2007/09/11 18:48:03 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/05/25 10:30:04 | 3219,628,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/25 10:30:02 | 3533,570,048 | -HS- | M] () -- C:\pagefile.sys
[2010/05/24 04:46:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/05/24 05:04:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/05/24 12:13:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/05/24 18:12:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/05/24 20:08:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/05/24 20:17:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/05/24 20:25:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/05/24 22:14:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/05/24 23:21:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/05/25 10:31:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/05/03 23:54:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/05/05 12:24:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/05/06 13:11:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/05/09 17:27:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/05/11 00:27:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/05/14 18:33:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/05/17 08:31:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/05/21 09:52:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/05/24 03:31:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/05/24 04:13:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/05/24 04:46:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/05/24 05:04:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/05/24 12:13:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/05/24 18:12:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/05/24 20:08:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/05/24 20:17:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/05/24 20:25:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/05/24 22:14:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/05/24 23:21:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/05/25 10:31:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/05/03 23:54:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/05/05 12:24:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/05/06 13:11:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/05/09 17:27:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/05/11 00:27:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/05/14 18:33:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/05/17 08:31:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/05/21 09:52:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/05/24 03:31:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/05/24 04:13:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/11/24 21:18:02 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.)* Unable to obtain MD5* -- C:\Windows\System32\ATIDEMGX.dll
[2006/11/02 03:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation)* Unable to obtain MD5* -- C:\Windows\System32\rsaenh.dll
[2007/09/11 18:53:26 | 000,223,232 | ---- | M] (Microsoft Corporation)* Unable to obtain MD5* -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 04:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/24 19:39:01 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ceguxane.sys
[2010/02/20 15:30:16 | 000,396,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/05/24 04:10:03 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\jzhtehny.sys
[2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MpFilter.sys
[2009/12/02 15:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MpNWMon.sys
[2010/02/23 07:14:41 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 07:14:51 | 000,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 07:14:42 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/12/11 06:15:49 | 000,306,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/12/11 06:15:30 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/02/18 06:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 06:04:30 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2010/02/18 06:04:38 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
[2010/05/24 04:43:34 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tzvihvbc.sys
[2010/05/24 16:49:28 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\yrmndbyh.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4B7BEAFF
< End of report >

*OTL Extras Log:*

OTL Extras logfile created on: 5/25/2010 6:45:25 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Kieren\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.76 Gb Total Space | 286.96 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
Drive D: | 9.00 Gb Total Space | 1.23 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
Drive E: | 46.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIERENSPC
Current User Name: Kieren
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EB6E2F1-4481-4D44-B59F-EC9045DF3072}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher | 
"{25364DDD-6427-40A9-91B1-81046D93CE49}" = lport=6991 | protocol=6 | dir=in | name=league of legends launcher | 
"{837CB1BC-B29B-436D-A512-B860DC31BB33}" = lport=8376 | protocol=6 | dir=in | name=league of legends launcher | 
"{864846AA-F20E-4C9B-A7D1-CEA021F04FF8}" = lport=6997 | protocol=17 | dir=in | name=league of legends launcher | 
"{873D65C5-9824-4250-9F99-517ABE4099D3}" = lport=8377 | protocol=17 | dir=in | name=league of legends launcher | 
"{B03EEC32-5C4B-4AC3-8914-1780FDE87583}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B9EDF5D5-8236-4C00-B8C6-1D1D969F2383}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{BA78B888-0F32-450E-B54F-B1C5571B1EE1}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{BAA6F84D-669D-44AE-9E6A-91E8C3487AD2}" = lport=8376 | protocol=17 | dir=in | name=league of legends launcher | 
"{C31CE71F-7022-453E-8B03-C4D88680CDA7}" = lport=8377 | protocol=6 | dir=in | name=league of legends launcher | 
"{C8697C48-F8B2-4AE9-A848-B813249741F1}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher | 
"{D7570DE8-3F0E-415E-8C52-F64A50917540}" = lport=6991 | protocol=17 | dir=in | name=league of legends launcher | 
"{E545F658-CDE0-468E-9377-90D8254333B9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F246F7EA-E148-4205-B59D-0D643E182D9F}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{F51C989E-2767-4ABC-8CFB-A558AD29811F}" = lport=6997 | protocol=6 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020E0ECA-ED20-49A8-88A5-9987D9D5CF22}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe | 
"{050F2A8D-6194-4709-A896-DD23140EE275}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{0BE23361-E21A-4F78-8CD1-8D26CD94BBB1}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft - copy - copy\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe | 
"{110A916E-965F-42C2-A1DB-5046F3F92A74}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1B5BF902-55C1-4690-B92A-ACA3C017A164}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe | 
"{1D69FB6F-1510-41BC-A098-4824A459AED8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{21985FE9-F460-40E0-A084-DDC732E74FDC}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{29AB0977-63E8-44D8-8691-1B7D9883FE54}" = protocol=6 | dir=in | app=c:\windows\system32\dlbccoms.exe | 
"{2ABEBFC4-FB5F-42AF-B6B4-2E777EA63F7A}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{2BA50027-B2FB-47CE-85AE-FD769AB8E7B8}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{2CAA01F5-429A-4618-8DD9-C5E15F81BFDA}" = protocol=6 | dir=in | app=c:\program files\stealthbot\stealthbot v2.6r3.exe | 
"{3E7E969D-F1CA-42F9-8D0A-A0C8A0303EB3}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe | 
"{6A5FEC59-F0AA-42AE-B853-5C19E725B33F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{6C91133A-2515-4335-8987-E7009D489D7E}" = protocol=17 | dir=in | app=c:\program files\online services\aolca\installaol.exe | 
"{6F924FEC-91AF-436A-92C1-8114FA79BFF6}" = protocol=17 | dir=in | app=c:\windows\system32\dlbccoms.exe | 
"{7263F88D-3E71-4A37-81AE-3CF43031B8A9}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{755BB48B-59F5-4709-A315-E5AD758FBEAF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{7DEF5FF9-0C3F-4B7E-83DA-3A854C7D6B68}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{91D63987-3BD5-4CE2-8695-DC2E411B5DAA}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{999C767A-8DB3-4BFE-B11B-9C0B336EDFAD}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{9FF0A68C-0B61-4E78-8DB4-906A9F0B53A3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A44E135C-D942-4B73-AD0C-575C67C53D31}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{AA798858-DC71-490F-96DA-00F39C7384DB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{AF325B0F-1A1C-4950-8120-92EFE4A8A8E2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{B215E2CB-8241-4000-ADE1-460BB6CC1C28}" = protocol=6 | dir=in | app=c:\program files\online services\aolca\installaol.exe | 
"{B5FBA521-F96F-4A2A-996E-DD6538982745}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{B83788D2-B618-4737-8FD2-301AAA6E3409}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{BC33EE5E-6294-4C49-A4A5-F7E0AAD0ABE3}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C170C809-2378-4091-AB86-536FE7FBC21D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C4AA917B-560B-4CFE-A518-63C30253223F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{CC8D164C-AB5A-46C5-9B8B-289720F59838}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe | 
"{CCE83DFE-7BCF-4095-A72C-5963BD253A51}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D03FD0A5-0DC8-4AFF-86C4-EC8F26A5F560}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{D15BD7C6-0D9C-4B29-B37C-60A01E573A2C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D9F6C7F2-C5D4-4D61-81DE-A340DE919DD2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{DE969FD5-23BE-4F39-9282-D70842214746}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft - copy - copy\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe | 
"{E44949D3-B00D-4EAF-8760-97791F3A2837}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{F4C8C205-2F26-49D6-9EF2-C7C3BB036098}" = protocol=17 | dir=in | app=c:\program files\stealthbot\stealthbot v2.6r3.exe | 
"{FB789BD8-1253-42C0-98AA-5D941A19E460}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{FE425FC0-5B6E-48C4-99B3-1134FB197AF3}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{FF69A893-D99D-4560-87DA-5BB8771CB397}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"TCP Query User{14F69809-C28E-4D43-8EB3-22D86E877C6C}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"TCP Query User{372E3784-AF6F-475D-8A60-353DA3976B10}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"TCP Query User{6E357395-6EDD-4133-BFCE-981B0ED03813}C:\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft public test\launcher.exe | 
"TCP Query User{88603BE3-40A4-4642-B7C0-73E6145D1FED}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{ACD603B7-0993-4161-A90A-FB95A83313B1}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe | 
"TCP Query User{CD44170C-E46B-4C25-AFC7-AA427013457C}C:\users\public\games\world of warcraft - copy - copy\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft - copy - copy\launcher.exe | 
"TCP Query User{E5A39F39-80E6-4178-91D8-1106DF34E956}C:\users\public\games\world of warcraft - copy\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft - copy\launcher.exe | 
"UDP Query User{143B0DF1-4919-4A26-8FC1-30A95B70431F}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"UDP Query User{37BF3A17-ACB1-4F51-B0AE-668939DD4F6C}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe | 
"UDP Query User{466ED2FD-2F92-484A-8838-2F0FC5E6DD44}C:\users\public\games\world of warcraft - copy\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft - copy\launcher.exe | 
"UDP Query User{7D3B4AF5-37BA-45DF-9908-6AAA1FDC0778}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"UDP Query User{CF4C4B24-718D-4308-A54E-CF3250C0C508}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"UDP Query User{E00B2E0E-D0BB-4EDA-86EC-54BE63878777}C:\users\public\games\world of warcraft - copy - copy\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft - copy - copy\launcher.exe | 
"UDP Query User{E57834DD-D4D6-4BEC-83EF-3D0F3936CF6A}C:\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft public test\launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0BB72566-0D4C-7200-2CE7-02F298B49C88}" = CCC Help English
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DDA7620-4F8B-43B3-8828-CA5EE292FA3B}" = HP Total Care Advisor
"{110AD51E-D0E0-49B1-52FD-291373BA62EA}" = Catalyst Control Center Graphics Full New
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{294A97F8-CC15-41F7-8718-CEE6B0C7D7E0}" = D-Link Xtreme N Dual Band DWA-160
"{29ACDA07-0CAD-4751-B3A4-3E03C5F74673}" = ParetoLogic Privacy Controls
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31557F4F-7D10-D32E-4B70-237A09FCC31B}" = Catalyst Control Center Graphics Previews Common
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3C175604-F026-5D79-BBD8-F626AE10B3EF}" = Catalyst Control Center Graphics Full Existing
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4F027497-15AE-4DE5-B3BC-8E721C6127DE}" = ccc-Branding
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62C2067E-5851-BD4C-98E0-5C4D5E155A5B}" = Catalyst Control Center Core Implementation
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{81EDAA16-F0F3-400A-A967-A35B250EAC1E}" = SuperchipsUpdate
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83729FE3-6785-476A-91F1-312D427B4522}" = League of Legends
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{934528B2-09B3-C6E5-288A-4E554E6DF2B9}" = ATI Catalyst Install Manager
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A292C05C-840A-9D47-5350-EF39ECC7629E}" = Catalyst Control Center HydraVision Full
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D08D5A-74E8-7509-452A-E40E63D8FFC2}" = Catalyst Control Center InstallProxy
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AD17676C-5065-E427-130B-21CE713F93E7}" = Catalyst Control Center Graphics Light
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B970700B-E49F-ECEF-4ADB-0F3E1AFEDE91}" = ccc-core-static
"{C05DEB30-501D-4106-958D-C5E147D2BF7E}" = StealthBot 2.7
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EDB32FFB-FC1C-414B-BF8E-4645217E9AF2}" = League of Legends
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9726DDC-D7B5-BF1F-5626-EA467FEEBC52}" = ccc-utility
"{F9F13FEA-D51E-A1C3-4EDC-D04A91B62C93}" = Catalyst Control Center Graphics Previews Vista
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Diablo II" = Diablo II
"ExpressBurn" = Express Burn
"FTD2XX" = FTDI FTD2XX USB Drivers
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MSNINST" = MSN
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"SpeedyPC" = SpeedyPC
"Starcraft" = Starcraft
"StealthBot v2.6 Revision 3" = StealthBot v2.6 Revision 3 (remove only)
"Steam App 500" = Left 4 Dead
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = My HP Games
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/22/2009 11:20:14 AM | Computer Name = KierensPC | Source = WerSvc | ID = 5007
Description =

Error - 6/7/2009 6:53:58 PM | Computer Name = KierensPC | Source = Application Hang | ID = 1002
Description = The program ScmDraft2.exe version 0.8.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1d18 Start Time: 01c9e736ff5f7ce0 Termination Time: 42

Error - 6/8/2009 11:39:20 PM | Computer Name = KierensPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/12/2009 5:36:02 PM | Computer Name = KierensPC | Source = WerSvc | ID = 5007
Description =

Error - 6/12/2009 10:09:58 PM | Computer Name = KierensPC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16757, time stamp
0x48e4238e, faulting module Flash9c.ocx, version 9.0.45.0, time stamp 0x45db8560,
exception code 0xc0000005, fault offset 0x0018ac1a, process id 0x11f8, application
start time 0x01c9ebc4fe88c1c8.

Error - 6/14/2009 5:27:55 PM | Computer Name = KierensPC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16757, time stamp
0x48e4238e, faulting module Flash9c.ocx, version 9.0.45.0, time stamp 0x45db8560,
exception code 0xc0000005, fault offset 0x0018ac1a, process id 0x1574, application
start time 0x01c9ed3356f29800.

Error - 6/16/2009 6:24:03 PM | Computer Name = KierensPC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 6/17/2009 11:10:37 AM | Computer Name = KierensPC | Source = EventSystem | ID = 4621
Description =

Error - 6/22/2009 11:20:06 AM | Computer Name = KierensPC | Source = EventSystem | ID = 4621
Description =

Error - 6/23/2009 11:41:55 AM | Computer Name = KierensPC | Source = EventSystem | ID = 4621
Description =

[ Media Center Events ]
Error - 4/30/2008 4:23:44 PM | Computer Name = KierensPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/24/2008 8:15:29 AM | Computer Name = KierensPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/27/2008 3:28:44 PM | Computer Name = KierensPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 11:25:36 AM | Computer Name = KierensPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2008 6:53:56 PM | Computer Name = KierensPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/3/2009 1:41:05 AM | Computer Name = KierensPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 7:00:58 PM | Computer Name = KierensPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/5/2009 5:28:20 PM | Computer Name = KierensPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/23/2009 5:59:43 PM | Computer Name = KierensPC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 12/23/2009 10:43:30 PM | Computer Name = KierensPC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 5/25/2010 12:11:56 AM | Computer Name = KierensPC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
12, function 0. Please contact your system vendor for technical assistance.

Error - 5/25/2010 12:13:56 AM | Computer Name = KierensPC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/25/2010 4:10:58 AM | Computer Name = KierensPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 5/25/2010 4:10:58 AM | Computer Name = KierensPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 5/25/2010 4:10:58 AM | Computer Name = KierensPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 5/25/2010 12:29:48 PM | Computer Name = KierensPC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
9, function 0. Please contact your system vendor for technical assistance.

Error - 5/25/2010 12:29:48 PM | Computer Name = KierensPC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
11, function 0. Please contact your system vendor for technical assistance.

Error - 5/25/2010 12:29:48 PM | Computer Name = KierensPC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
12, function 0. Please contact your system vendor for technical assistance.

Error - 5/25/2010 12:31:49 PM | Computer Name = KierensPC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/25/2010 12:36:51 PM | Computer Name = KierensPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

< End of report >


----------



## SweetTech (Jan 1, 1970)

*OTL Fix*

*We need to run an OTL Fix*


Please reopen







on your desktop.
*Copy* and *Paste* the following code into the







textbox. Do not include the word "*Code*"


```
:Services
:OTL
MOD - C:\Windows\System32\config\systemprofile\AppData\Local\ogogovitogo.dll ()
SRV - (DPSplaEMDMgmt) -- C:\Windows\System32\aelupsvcu.exe ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Hkewawosaf] C:\Windows\System32\config\systemprofile\AppData\Local\ogogovitogo.DLL ()
O33 - MountPoints2\{6c9e860c-87c4-11dc-b91b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6c9e860c-87c4-11dc-b91b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\DWA160.exe -- [2008/07/23 21:08:52 | 000,132,352 | R--- | M] (InstallShield Software Corporation)
[2010/05/24 04:43:34 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tzvihvbc.sys
[2010/05/24 04:10:03 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\jzhtehny.sys
[2010/05/25 17:02:48 | 000,000,120 | ---- | M] () -- C:\Users\Kieren\AppData\Local\Wfevun.dat
[2010/05/25 01:00:47 | 000,000,000 | ---- | M] () -- C:\Users\Kieren\AppData\Local\Fgohobogiseyit.bin
[2010/05/24 04:43:34 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tzvihvbc.sys
[2010/05/24 04:10:03 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\jzhtehny.sys
[2010/05/24 02:14:21 | 000,000,190 | --S- | M] () -- C:\Windows\System32\3078003147.dat
[2010/05/24 19:39:01 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ceguxane.sys
[2010/05/24 04:10:03 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\jzhtehny.sys
[2010/05/24 04:43:34 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tzvihvbc.sys
[2010/05/24 16:49:28 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\yrmndbyh.sys
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]
```

*Push*








*OTL may ask to reboot the machine. Please do so if asked.*
*Click*







.
A report will open. *Copy* and *Paste* that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

*NEXT:*

*Running ComboFix*
Download *Combofix* from either of the links below, and save it to your desktop.

*Link 1* 
*Link 2*

**Note: It is important that it is saved directly to your desktop**

-------------------------------------------------------------------- 
IMPORTANT - *Disable your AntiVirus and AntiSpyware applications*, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on *ComboFix.exe* & follow the prompts. 

When finished, it will produce a report for you.
Please post the *C:\ComboFix.txt* for further review.


----------



## Staminize (May 25, 2010)

I have ran the OTS fix and have the log ready. Combofix said it detected rootkit activity and must restart, so i hit ok. After it restarted it went back to the combo fix program with a black screen behind it and continued to work. By the time stage 3 had said complete it said a prgoram had stopped working, and must close, i hit close and the scan seemed to be continueing. Should i let it continue or is there an issue? thanks.


----------



## SweetTech (Jan 1, 1970)

Please allow it to continue.


----------



## Staminize (May 25, 2010)

nvm your last response covers my concern, ille continue on


----------



## Staminize (May 25, 2010)

*OTS Fix Log:*

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service DPSplaEMDMgmt stopped successfully!
Service DPSplaEMDMgmt deleted successfully!
File move failed. C:\Windows\System32\aelupsvcu.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Hkewawosaf deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\ogogovitogo.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c9e860c-87c4-11dc-b91b-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c9e860c-87c4-11dc-b91b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c9e860c-87c4-11dc-b91b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c9e860c-87c4-11dc-b91b-806e6f6e6963}\ not found.
File move failed. E:\DWA160.exe scheduled to be moved on reboot.
C:\Windows\System32\drivers\tzvihvbc.sys moved successfully.
C:\Windows\System32\drivers\jzhtehny.sys moved successfully.
C:\Users\Kieren\AppData\Local\Wfevun.dat moved successfully.
C:\Users\Kieren\AppData\Local\Fgohobogiseyit.bin moved successfully.
File C:\Windows\System32\drivers\tzvihvbc.sys not found.
File C:\Windows\System32\drivers\jzhtehny.sys not found.
File move failed. C:\Windows\System32\3078003147.dat scheduled to be moved on reboot.
C:\Windows\System32\drivers\ceguxane.sys moved successfully.
File C:\Windows\System32\drivers\jzhtehny.sys not found.
File C:\Windows\System32\drivers\tzvihvbc.sys not found.
C:\Windows\System32\drivers\yrmndbyh.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kieren
->Temp folder emptied: 25590293 bytes
->Temporary Internet Files folder emptied: 15047924 bytes
->Java cache emptied: 54780 bytes
->Flash cache emptied: 573 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 917678 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 40.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kieren
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.5.0 log created on 05262010_132107
Files\Folders moved on Reboot...
C:\Windows\System32\aelupsvcu.exe moved successfully.
File move failed. E:\DWA160.exe scheduled to be moved on reboot.
C:\Windows\System32\3078003147.dat moved successfully.
File\Folder C:\Windows\temp\57CB.tmp not found!
Registry entries deleted on Reboot...

*ComboFix Log:*

ComboFix 10-05-26.01 - Kieren 05/26/2010 13:37:29.1.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6000.0.1252.1.1033.18.3070.1903 [GMT -6:00]
Running from: c:\users\Kieren\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Kieren\AppData\Local\preciz.dll
c:\users\Kieren\AppData\Roaming\Desktopicon
c:\users\Kieren\AppData\Roaming\Desktopicon\config.ini
c:\users\Kieren\burnsetup.exe
c:\users\Kieren\InstallSB.exe
c:\users\Kieren\setup_blazemp.exe
c:\windows\system32\AbaleZip.dll
Infected copy of c:\windows\system32\drivers\tdx.sys was found and disinfected 
Restored copy from - Kitty had a snack  
.
((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
.
2010-05-26 19:42 . 2010-05-26 19:43 -------- d-----w- c:\users\Kieren\AppData\Local\temp
2010-05-26 19:42 . 2010-05-26 19:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-26 19:21 . 2010-05-26 19:21 -------- d-----w- C:\_OTL
2010-05-25 16:38 . 2009-08-24 12:47 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-05-25 04:34 . 2010-05-25 04:34 388096 ----a-r- c:\users\Kieren\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-25 04:34 . 2010-05-25 04:34 -------- d-----w- c:\program files\Trend Micro
2010-05-25 04:24 . 2008-07-10 17:50 262144 ----a-w- c:\windows\system32\wlanapp.dll
2010-05-25 04:24 . 2008-07-10 15:54 692224 ----a-w- c:\windows\system32\ANIWZCS2.dll
2010-05-25 04:24 . 2008-06-20 20:08 204800 ----a-w- c:\windows\system32\aIPH.dll
2010-05-25 04:24 . 2008-06-13 16:34 262144 ----a-w- c:\windows\system32\wnicapi.dll
2010-05-25 04:24 . 2006-09-26 19:49 45115 ----a-w- c:\windows\system32\ANICtl.dll
2010-05-25 04:24 . 2005-10-20 00:19 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2010-05-25 04:24 . 2010-05-25 04:24 -------- d-----w- c:\program files\ANI
2010-05-25 04:24 . 2005-10-27 14:55 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2010-05-25 04:24 . 2005-10-20 00:19 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2010-05-25 04:23 . 2010-05-25 04:23 -------- d-----w- c:\program files\D-Link
2010-05-25 04:23 . 2010-05-25 04:23 -------- d-----w- c:\users\Kieren\AppData\Roaming\InstallShield
2010-05-24 22:40 . 2010-05-24 22:40 29715200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{F11E726B-7B7C-5F1C-2786-9264A2DC1018}-fate-setup.exe
2010-05-24 22:40 . 2010-05-24 22:40 27700464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{06762215-E7BD-23C1-6482-D36F5942CAE5}-jewelquest2-setup.exe
2010-05-24 22:40 . 2010-05-24 22:40 26449952 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{A299806C-16D1-F1E1-33FC-3BE7A2FC8AB3}-jewelsofcleopatra-setup.exe
2010-05-24 22:40 . 2010-05-24 22:40 23221368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{9E61D340-4192-29CA-7BFD-9BF1D5FD33DF}-supergranny3-setup.exe
2010-05-24 22:40 . 2010-05-24 22:40 21183280 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{03287172-69A5-76E7-4C46-472C750DF856}-treasurepyramid-setup.exe
2010-05-24 18:13 . 2010-05-25 02:06 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-24 11:25 . 2009-06-15 15:23 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-05-24 11:25 . 2009-06-15 15:28 272384 ----a-w- c:\windows\system32\schannel.dll
2010-05-24 11:24 . 2010-02-18 14:22 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-05-24 11:24 . 2010-02-18 14:19 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-24 11:24 . 2010-02-18 12:05 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-24 11:24 . 2010-02-18 12:04 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-05-24 11:24 . 2010-02-18 12:04 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-24 11:24 . 2010-02-18 12:04 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-24 11:23 . 2009-12-23 12:45 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-05-24 11:23 . 2010-01-13 18:23 97792 ----a-w- c:\windows\system32\cabview.dll
2010-05-24 08:28 . 2010-05-24 08:28 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-24 08:17 . 2010-05-24 08:17 120 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\Wfevun.dat
2010-05-24 08:17 . 2010-05-24 08:17 0 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\Fgohobogiseyit.bin
2010-05-24 08:17 . 2010-05-24 08:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\{CAAD0FE5-6EB3-45D8-B9F1-866FAEBACB14}
2010-05-12 03:16 . 2010-05-12 03:16 -------- d-----w- c:\users\Kieren\AppData\Roaming\LolClient
2010-04-30 16:01 . 2010-04-30 16:01 -------- d-----w- c:\users\Kieren\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2010-04-30 15:44 . 2008-07-31 16:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-04-30 15:44 . 2008-07-31 16:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-04-30 15:44 . 2008-07-12 14:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-04-30 15:44 . 2008-07-12 14:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-04-30 15:44 . 2008-07-12 14:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-04-30 15:44 . 2010-04-30 16:01 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-30 15:40 . 2010-04-30 15:40 -------- d-----w- C:\Riot Games
2010-04-30 04:21 . 2010-05-26 19:35 -------- d-----w- c:\users\Kieren\AppData\Local\PMB Files
2010-04-30 04:21 . 2010-04-30 04:21 -------- d-----w- c:\programdata\PMB Files
2010-04-30 04:18 . 2010-04-30 04:18 -------- d-----w- c:\program files\Pando Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 02:09 . 2007-09-12 00:32 -------- d-----w- c:\program files\Symantec
2010-05-26 02:09 . 2007-09-12 00:31 -------- d-----w- c:\programdata\Symantec
2010-05-26 02:09 . 2007-09-12 00:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-26 02:07 . 2009-12-16 00:03 -------- d-----w- c:\programdata\Norton
2010-05-25 22:12 . 2010-04-12 05:38 -------- d-----w- c:\program files\Ask.com
2010-05-25 22:11 . 2009-02-04 01:56 -------- d-----w- c:\program files\LimeWire
2010-05-25 04:24 . 2007-09-12 00:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-25 04:24 . 2007-09-12 00:11 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-25 04:20 . 2010-03-17 23:14 -------- d-----w- c:\program files\SpeedyPC
2010-05-24 22:49 . 2009-05-28 04:53 -------- d-----w- c:\program files\Unlocker
2010-05-24 18:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-19 18:00 . 2007-11-25 04:17 -------- d-----w- c:\program files\Starcraft
2010-05-12 17:21 . 2009-10-05 07:46 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-23 18:32 . 2010-04-23 18:32 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-18 02:30 . 2007-09-11 23:57 -------- d-----w- c:\program files\CONEXANT
2010-04-10 03:14 . 2009-01-24 05:46 196608 ----a-w- c:\users\Kieren\AppData\Roaming\Acreon\WowMatrix\Libraries\wmweb.dll
2010-04-10 03:14 . 2009-01-24 05:46 258048 ----a-w- c:\users\Kieren\AppData\Roaming\Acreon\WowMatrix\Libraries\wmzip.dll
2010-04-05 07:49 . 2009-02-21 04:08 2806 ----a-w- c:\users\Kieren\AppData\Roaming\wklnhst.dat
2010-03-17 06:17 . 2007-11-25 00:29 101144 ----a-w- c:\users\Kieren\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-09 16:54 . 2010-05-24 11:26 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:50 . 2010-05-24 11:26 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-03-09 16:50 . 2010-05-24 11:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:50 . 2010-05-24 11:26 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2010-03-09 16:48 . 2010-05-24 11:26 72704 ----a-w- c:\windows\system32\admparse.dll
2010-03-09 14:17 . 2010-05-24 11:26 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-09 12:43 . 2010-05-24 11:26 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-03-04 19:24 . 2010-05-24 11:26 434176 ----a-w- c:\windows\system32\vbscript.dll
2007-09-12 00:53 . 2007-09-12 00:48 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 1783400]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-30 2938552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-12 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Xtreme N Dual Band DWA-160"="c:\program files\D-Link\D-Link Xtreme N Dual Band DWA-160\AirNCFG.exe" [2008-07-11 1679360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 18:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-09 07:03 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-03-17 23:06 1217872 ----a-w- c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2007-08-03 03:08 95504 ----a-w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
R2 plaEMDMgmt;Performance Logs & Alerts plaEMDMgmt;c:\windows\system32\ActiveContentWizardp.exe [x]
R2 slsvcWMPNetworkSvc;Software Licensing slsvcWMPNetworkSvc;c:\windows\system32\ANIWZCS{28CBF4FB-3C8C-4DB7-AAA8-10F553AF6387}m.exe [x]
R2 WPDBusEnum Notice Service;Portable Device Enumerator Service WPDBusEnum Notice Service;c:\windows\system32\algw.exe [x]
R2 wudfsvcISPwdSvc;Windows Driver Foundation - User-mode Driver Framework wudfsvcISPwdSvc;c:\windows\system32\acluiw.exe [x]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2006-05-09 347648]
R3 FTD2XX;Flashpaq FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\Drivers\FTD2XX.sys [2005-12-15 34639]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\D-Link Xtreme N Dual Band DWA-160\JSWUtilVst\jswpsapi.exe [2008-05-19 954368]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-05-15 20384]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032]
S2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [2007-03-01 538096]
S3 arusb_lh;Atheros 11n Wireless LAN device driver;c:\windows\system32\DRIVERS\arusb_lh.sys [2008-06-13 435200]
.
Contents of the 'Scheduled Tasks' folder
2008-01-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
2010-05-24 c:\windows\Tasks\ParetoLogic Privacy Controls_{4A15AFF5-3239-11DF-BEE9-001BB9D97FE5}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2009-12-02 00:46]
2010-05-26 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]
2010-05-23 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]
2010-05-25 c:\windows\Tasks\SpeedyPC Program Check.job
- c:\program files\SpeedyPC\SpeedyPC.exe [2010-03-18 00:03]
2010-05-26 c:\windows\Tasks\SpeedyPC Startup.job
- c:\program files\SpeedyPC\SpeedyPC.exe [2010-03-18 00:03]
2010-03-18 c:\windows\Tasks\SpeedyPC.job
- c:\program files\SpeedyPC\SpeedyPC.exe [2010-03-18 00:03]
2010-05-26 c:\windows\Tasks\User_Feed_Synchronization-{1EF0E0D0-18BD-4006-B096-0041EB64F3F2}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKU-Default-Run-Jkoxiwitatuxofum - c:\users\Kieren\AppData\Local\preciz.dll

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-26 13:43
Windows 6.0.6000 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-26 13:44:25
ComboFix-quarantined-files.txt 2010-05-26 19:44
Pre-Run: 309,153,660,928 bytes free
Post-Run: 308,066,050,048 bytes free
- - End Of File - - B46E43F5ED4380566043A361E3231397


----------



## SweetTech (Jan 1, 1970)

Hello,

*ComboFix Script*


Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. 
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".


*Copy/paste the text inside the Codebox below into notepad:*

Here's how to do that:
Click* Start > Run* type *Notepad* click *OK.*
This will open an empty notepad file:

*Copy* all the text *inside of the code box* - *Press Ctrl+C* (or right click on the highlighted section and choose 'copy')


```
http://forums.techguy.org/7409047-post15.html
Collect::
c:\windows\system32\config\systemprofile\AppData\Local\Wfevun.dat
c:\windows\system32\config\systemprofile\AppData\Local\Fgohobogiseyit.bin

Folder::
c:\windows\system32\config\systemprofile\AppData\Local\{CAAD0FE5-6EB3-45D8-B9F1-866FAEBACB14}
```
Now *paste* the copied text into the open notepad - press *CTRL+V* (or right click and choose 'paste')
*
Save this file to your desktop, Save this as "CFScript"*

Here's how to do that:

1.Click *File*;
2.Click *Save As*... Change the directory to your *desktop*;
3.Change the* Save as type* to *"All Files";*
4.Type in the file name: *CFScript*
5.Click *Save ...*











Referring to the *screenshot* above, *drag CFScript.txt* into *ComboFix.exe.*
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. 
*Copy and paste the contents of the log in your next reply.*

CAUTION: *Do not* mouse-click ComboFix's window while it is running. That may cause it to stall.

*NEXT:*

*Scanning with MalwareBytes' Anti-Malware*
Please download *Malwarebytes' Anti-Malware* to your desktop.


Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
If an update is found, it will download and install the latest version.
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

*Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. *

*NEXT:*

*ESET Online Scanner*
*I'd like us to scan your machine with ESET Online Scan*

*Note:* *It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.*



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the







button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on







to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the







icon on your desktop.

Check








Click the







button.
Accept any security warnings from your browser.
Check








Make sure that the option "Remove found threats" is Unchecked
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push








Push







, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the







button.
Push









*NEXT:*

*OTL Custom Scan*

*We need to run an OTL Custom Scan*


Please reopen







on your desktop.
*Copy* and *Paste* the following bolded text into the







textbox.

*
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /180
*​
*Push*








A report will open. *Copy* and *Paste* that report in your next reply.

*NEXT:*

*Please make sure you include the following items in your next post:*
*1.* Any comments or questions you may have that you'd like for me to answer in my next post to you.
*2.* The log that was produced after running the ComboFix scan.
*3.* The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
*4.* The log that was produced after running the ESET Online Virus Scanner.
*5.* The log that was produced after running the OTL scan.
*6.* An update on how your computer is currently running.​*It would be helpful if you could answer each question in the order asked, as well as numbering your answers.*

Cheers,
SweetTech.


----------



## Staminize (May 25, 2010)

*ComboFix Log:*

ComboFix 10-05-26.01 - Kieren 05/26/2010 14:40:33.2.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6000.0.1252.1.1033.18.3070.2059 [GMT -6:00]
Running from: c:\users\Kieren\Desktop\ComboFix.exe
Command switches used :: c:\users\Kieren\Desktop\CFScript.txt
file zipped: c:\windows\system32\config\systemprofile\AppData\Local\Fgohobogiseyit.bin
file zipped: c:\windows\system32\config\systemprofile\AppData\Local\Wfevun.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Kieren\AppData\Local\{108BED12-7760-4D58-95D2-928B56A5447E}
c:\users\Kieren\AppData\Local\{108BED12-7760-4D58-95D2-928B56A5447E}\chrome.manifest
c:\users\Kieren\AppData\Local\{108BED12-7760-4D58-95D2-928B56A5447E}\chrome\content\_cfg.js
c:\users\Kieren\AppData\Local\{108BED12-7760-4D58-95D2-928B56A5447E}\chrome\content\overlay.xul
c:\users\Kieren\AppData\Local\{108BED12-7760-4D58-95D2-928B56A5447E}\install.rdf
c:\windows\System32\config\systemprofile\AppData\Local\{CAAD0FE5-6EB3-45D8-B9F1-866FAEBACB14}
c:\windows\System32\config\systemprofile\AppData\Local\{CAAD0FE5-6EB3-45D8-B9F1-866FAEBACB14}\chrome.manifest
c:\windows\system32\config\systemprofile\AppData\Local\{CAAD0FE5-6EB3-45D8-B9F1-866FAEBACB14}\chrome\content\_cfg.js
c:\windows\system32\config\systemprofile\AppData\Local\{CAAD0FE5-6EB3-45D8-B9F1-866FAEBACB14}\chrome\content\overlay.xul
c:\windows\System32\config\systemprofile\AppData\Local\{CAAD0FE5-6EB3-45D8-B9F1-866FAEBACB14}\install.rdf
c:\windows\system32\config\systemprofile\AppData\Local\Fgohobogiseyit.bin
c:\windows\system32\config\systemprofile\AppData\Local\Wfevun.dat
.
((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
.
2010-05-26 20:43 . 2010-05-26 20:43 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-05-26 20:43 . 2010-05-26 20:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-26 20:43 . 2010-05-26 20:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-26 20:38 . 2010-05-26 20:39 -------- d-----w- C:\32788R22FWJFW
2010-05-26 19:44 . 2010-05-26 20:43 -------- d-----w- c:\users\Kieren\AppData\Local\temp
2010-05-26 19:21 . 2010-05-26 19:21 -------- d-----w- C:\_OTL
2010-05-25 16:38 . 2009-08-24 12:47 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-05-25 04:34 . 2010-05-25 04:34 388096 ----a-r- c:\users\Kieren\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-25 04:34 . 2010-05-25 04:34 -------- d-----w- c:\program files\Trend Micro
2010-05-25 04:24 . 2008-07-10 17:50 262144 ----a-w- c:\windows\system32\wlanapp.dll
2010-05-25 04:24 . 2008-07-10 15:54 692224 ----a-w- c:\windows\system32\ANIWZCS2.dll
2010-05-25 04:24 . 2008-06-20 20:08 204800 ----a-w- c:\windows\system32\aIPH.dll
2010-05-25 04:24 . 2008-06-13 16:34 262144 ----a-w- c:\windows\system32\wnicapi.dll
2010-05-25 04:24 . 2006-09-26 19:49 45115 ----a-w- c:\windows\system32\ANICtl.dll
2010-05-25 04:24 . 2005-10-20 00:19 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2010-05-25 04:24 . 2010-05-25 04:24 -------- d-----w- c:\program files\ANI
2010-05-25 04:24 . 2005-10-27 14:55 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2010-05-25 04:24 . 2005-10-20 00:19 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2010-05-25 04:23 . 2010-05-25 04:23 -------- d-----w- c:\program files\D-Link
2010-05-25 04:23 . 2010-05-25 04:23 -------- d-----w- c:\users\Kieren\AppData\Roaming\InstallShield
2010-05-24 22:40 . 2010-05-24 22:40 29715200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{F11E726B-7B7C-5F1C-2786-9264A2DC1018}-fate-setup.exe
2010-05-24 22:40 . 2010-05-24 22:40 27700464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{06762215-E7BD-23C1-6482-D36F5942CAE5}-jewelquest2-setup.exe
2010-05-24 22:40 . 2010-05-24 22:40 26449952 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{A299806C-16D1-F1E1-33FC-3BE7A2FC8AB3}-jewelsofcleopatra-setup.exe
2010-05-24 22:40 . 2010-05-24 22:40 23221368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{9E61D340-4192-29CA-7BFD-9BF1D5FD33DF}-supergranny3-setup.exe
2010-05-24 22:40 . 2010-05-24 22:40 21183280 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{03287172-69A5-76E7-4C46-472C750DF856}-treasurepyramid-setup.exe
2010-05-24 18:13 . 2010-05-25 02:06 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-24 11:25 . 2009-06-15 15:23 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-05-24 11:25 . 2009-06-15 15:28 272384 ----a-w- c:\windows\system32\schannel.dll
2010-05-24 11:24 . 2010-02-18 14:22 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-05-24 11:24 . 2010-02-18 14:19 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-24 11:24 . 2010-02-18 12:05 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-24 11:24 . 2010-02-18 12:04 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-05-24 11:24 . 2010-02-18 12:04 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-24 11:24 . 2010-02-18 12:04 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-24 11:23 . 2009-12-23 12:45 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-05-24 11:23 . 2010-01-13 18:23 97792 ----a-w- c:\windows\system32\cabview.dll
2010-05-24 08:28 . 2010-05-24 08:28 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-12 03:16 . 2010-05-12 03:16 -------- d-----w- c:\users\Kieren\AppData\Roaming\LolClient
2010-04-30 16:01 . 2010-04-30 16:01 -------- d-----w- c:\users\Kieren\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2010-04-30 15:44 . 2008-07-31 16:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-04-30 15:44 . 2008-07-31 16:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-04-30 15:44 . 2008-07-12 14:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-04-30 15:44 . 2008-07-12 14:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-04-30 15:44 . 2008-07-12 14:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-04-30 15:44 . 2010-04-30 16:01 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-30 15:40 . 2010-04-30 15:40 -------- d-----w- C:\Riot Games
2010-04-30 04:21 . 2010-05-26 19:35 -------- d-----w- c:\users\Kieren\AppData\Local\PMB Files
2010-04-30 04:21 . 2010-04-30 04:21 -------- d-----w- c:\programdata\PMB Files
2010-04-30 04:18 . 2010-04-30 04:18 -------- d-----w- c:\program files\Pando Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 02:09 . 2007-09-12 00:32 -------- d-----w- c:\program files\Symantec
2010-05-26 02:09 . 2007-09-12 00:31 -------- d-----w- c:\programdata\Symantec
2010-05-26 02:09 . 2007-09-12 00:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-26 02:07 . 2009-12-16 00:03 -------- d-----w- c:\programdata\Norton
2010-05-25 22:12 . 2010-04-12 05:38 -------- d-----w- c:\program files\Ask.com
2010-05-25 22:11 . 2009-02-04 01:56 -------- d-----w- c:\program files\LimeWire
2010-05-25 04:24 . 2007-09-12 00:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-25 04:24 . 2007-09-12 00:11 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-25 04:20 . 2010-03-17 23:14 -------- d-----w- c:\program files\SpeedyPC
2010-05-24 22:49 . 2009-05-28 04:53 -------- d-----w- c:\program files\Unlocker
2010-05-24 18:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-19 18:00 . 2007-11-25 04:17 -------- d-----w- c:\program files\Starcraft
2010-05-12 17:21 . 2009-10-05 07:46 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-23 18:32 . 2010-04-23 18:32 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-18 02:30 . 2007-09-11 23:57 -------- d-----w- c:\program files\CONEXANT
2010-04-10 03:14 . 2009-01-24 05:46 196608 ----a-w- c:\users\Kieren\AppData\Roaming\Acreon\WowMatrix\Libraries\wmweb.dll
2010-04-10 03:14 . 2009-01-24 05:46 258048 ----a-w- c:\users\Kieren\AppData\Roaming\Acreon\WowMatrix\Libraries\wmzip.dll
2010-04-05 07:49 . 2009-02-21 04:08 2806 ----a-w- c:\users\Kieren\AppData\Roaming\wklnhst.dat
2010-03-17 06:17 . 2007-11-25 00:29 101144 ----a-w- c:\users\Kieren\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-09 16:54 . 2010-05-24 11:26 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:50 . 2010-05-24 11:26 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-03-09 16:50 . 2010-05-24 11:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:50 . 2010-05-24 11:26 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2010-03-09 16:48 . 2010-05-24 11:26 72704 ----a-w- c:\windows\system32\admparse.dll
2010-03-09 14:17 . 2010-05-24 11:26 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-09 12:43 . 2010-05-24 11:26 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-03-04 19:24 . 2010-05-24 11:26 434176 ----a-w- c:\windows\system32\vbscript.dll
2007-09-12 00:53 . 2007-09-12 00:48 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 1783400]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-30 2938552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-12 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Xtreme N Dual Band DWA-160"="c:\program files\D-Link\D-Link Xtreme N Dual Band DWA-160\AirNCFG.exe" [2008-07-11 1679360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 18:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-09 07:03 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-03-17 23:06 1217872 ----a-w- c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2007-08-03 03:08 95504 ----a-w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
R2 plaEMDMgmt;Performance Logs & Alerts plaEMDMgmt;c:\windows\system32\ActiveContentWizardp.exe [x]
R2 slsvcWMPNetworkSvc;Software Licensing slsvcWMPNetworkSvc;c:\windows\system32\ANIWZCS{28CBF4FB-3C8C-4DB7-AAA8-10F553AF6387}m.exe [x]
R2 WPDBusEnum Notice Service;Portable Device Enumerator Service WPDBusEnum Notice Service;c:\windows\system32\algw.exe [x]
R2 wudfsvcISPwdSvc;Windows Driver Foundation - User-mode Driver Framework wudfsvcISPwdSvc;c:\windows\system32\acluiw.exe [x]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2006-05-09 347648]
R3 FTD2XX;Flashpaq FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\Drivers\FTD2XX.sys [2005-12-15 34639]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\D-Link Xtreme N Dual Band DWA-160\JSWUtilVst\jswpsapi.exe [2008-05-19 954368]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-05-15 20384]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032]
S2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [2007-03-01 538096]
S3 arusb_lh;Atheros 11n Wireless LAN device driver;c:\windows\system32\DRIVERS\arusb_lh.sys [2008-06-13 435200]
.
Contents of the 'Scheduled Tasks' folder
2008-01-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
2010-05-24 c:\windows\Tasks\ParetoLogic Privacy Controls_{4A15AFF5-3239-11DF-BEE9-001BB9D97FE5}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2009-12-02 00:46]
2010-05-26 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]
2010-05-23 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]
2010-05-25 c:\windows\Tasks\SpeedyPC Program Check.job
- c:\program files\SpeedyPC\SpeedyPC.exe [2010-03-18 00:03]
2010-05-26 c:\windows\Tasks\SpeedyPC Startup.job
- c:\program files\SpeedyPC\SpeedyPC.exe [2010-03-18 00:03]
2010-03-18 c:\windows\Tasks\SpeedyPC.job
- c:\program files\SpeedyPC\SpeedyPC.exe [2010-03-18 00:03]
2010-05-26 c:\windows\Tasks\User_Feed_Synchronization-{1EF0E0D0-18BD-4006-B096-0041EB64F3F2}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-26 14:43
Windows 6.0.6000 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-26 14:44:37
ComboFix-quarantined-files.txt 2010-05-26 20:44
ComboFix2.txt 2010-05-26 19:44
Pre-Run: 308,061,941,760 bytes free
Post-Run: 308,051,554,304 bytes free
- - End Of File - - 0D159250A585DFE0FF31C6197043FB7B
Upload was successful

*MBAM Log:*

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4146
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
5/26/2010 3:03:37 PM
mbam-log-2010-05-26 (15-03-37).txt
Scan type: Quick scan
Objects scanned: 125160
Time elapsed: 3 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


----------



## Staminize (May 25, 2010)

*ESET Log:*

C:\Qoobox\Quarantine\C\Users\Kieren\AppData\Local\preciz.dll.vir a variant of Win32/Cimag.CL trojan
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\tdx.sys.vir Win32/Olmarik.ZC trojan
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6000.16386_none_e807064fdf2a97e3\tdx.sys Win32/Olmarik.ZC trojan
C:\_OTL\MovedFiles\05262010_132107\C_Windows\System32\aelupsvcu.exe Win32/IRCBot.NBC trojan
C:\_OTL\MovedFiles\05262010_132107\C_Windows\System32\config\systemprofile\AppData\Local\ogogovitogo.dll a variant of Win32/Cimag.CK trojan

*OTL Log:*

OTL logfile created on: 5/26/2010 5:52:52 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Kieren\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.76 Gb Total Space | 286.80 Gb Free Space | 62.79% Space Free | Partition Type: NTFS
Drive D: | 9.00 Gb Total Space | 1.23 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
Drive E: | 46.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIERENSPC
Current User Name: Kieren
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Kieren\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe ()
PRC - C:\Windows\System32\dlbccoms.exe ( )

========== Modules (SafeList) ==========

MOD - C:\Users\Kieren\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (wudfsvcISPwdSvc) -- File not found
SRV - (WPDBusEnum Notice Service) -- File not found
SRV - (slsvcWMPNetworkSvc) -- File not found
SRV - (plaEMDMgmt) -- File not found
SRV - (Bonjour Service) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (jswpsapi) -- C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\JSWUtilVst\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (dlbc_device) -- C:\Windows\System32\dlbccoms.exe ( )

========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (arusb_lh) -- C:\Windows\System32\drivers\arusb_lh.sys (Atheros Communications, Inc.)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (MCSTRM) -- C:\Windows\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (A5AGU) -- C:\Windows\System32\drivers\A5AGU.sys (D-Link Corporation)
DRV - (FTD2XX) -- C:\Windows\System32\drivers\FTD2XX.sys (FTDI Ltd.)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[2009/02/03 19:57:48 | 000,000,000 | ---D | M] -- C:\Users\Kieren\AppData\Roaming\Mozilla\Extensions
[2009/02/03 19:57:48 | 000,000,000 | ---D | M] -- C:\Users\Kieren\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2010/05/26 14:43:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [D-Link D-Link Xtreme N Dual Band DWA-160] C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kieren\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Kieren\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/11 18:23:24 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/07/21 04:43:44 | 000,000,049 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 05:18:47 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/05/26 15:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/26 14:58:36 | 000,000,000 | ---D | C] -- C:\Users\Kieren\AppData\Roaming\Malwarebytes
[2010/05/26 14:58:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/26 14:58:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/26 14:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/26 14:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/26 14:50:25 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kieren\Desktop\mbam-setup-1.46.exe
[2010/05/26 14:45:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/26 14:45:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/05/26 14:38:59 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/26 13:44:27 | 000,000,000 | ---D | C] -- C:\Users\Kieren\AppData\Local\temp
[2010/05/26 13:30:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/26 13:30:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/26 13:30:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/26 13:30:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/26 13:30:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/26 13:29:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/26 13:21:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/25 20:04:43 | 000,854,064 | ---- | C] (Symantec Corporation) -- C:\Users\Kieren\Desktop\Norton_Removal_Tool.exe
[2010/05/25 18:38:47 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Kieren\Desktop\OTL.exe
[2010/05/24 22:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/24 22:24:46 | 000,692,224 | ---- | C] (Wireless Service) -- C:\Windows\System32\ANIWZCS2.dll
[2010/05/24 22:24:46 | 000,262,144 | ---- | C] (Wireless Service) -- C:\Windows\System32\wnicapi.dll
[2010/05/24 22:24:46 | 000,204,800 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\aIPH.dll
[2010/05/24 22:24:46 | 000,049,152 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\AQCKGen.dll
[2010/05/24 22:24:46 | 000,045,115 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANICtl.dll
[2010/05/24 22:24:45 | 001,327,189 | ---- | C] (Funk Software, Inc.) -- C:\Windows\System32\odSupp_M.dll
[2010/05/24 22:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\ANI
[2010/05/24 22:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link
[2010/05/24 22:23:51 | 000,000,000 | ---D | C] -- C:\Users\Kieren\AppData\Roaming\InstallShield
[2010/05/24 12:13:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/05/24 05:26:22 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/05/24 05:26:21 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/05/24 05:26:21 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/05/24 05:26:20 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/05/24 05:26:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/05/24 05:26:20 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/05/24 05:26:20 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/05/24 05:26:20 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/05/24 05:26:19 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/05/24 05:26:19 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/05/24 05:26:19 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/05/24 05:26:19 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/05/24 05:26:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/05/24 05:26:19 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/05/24 05:26:19 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/05/24 05:26:19 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/05/24 05:26:19 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/05/24 05:26:19 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/05/24 05:26:19 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/05/24 05:26:18 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/05/24 05:26:18 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/05/24 05:26:18 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/05/24 05:26:07 | 003,504,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/05/24 05:26:07 | 003,470,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/05/24 05:26:03 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/05/24 05:25:53 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/05/24 05:25:53 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/05/24 05:24:56 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/05/24 05:24:56 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/05/24 02:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/05/24 02:28:19 | 007,249,512 | ---- | C] (Microsoft Corporation) -- C:\Users\Kieren\Documents\mssefullinstall-x86fre-en-us-vista-win7.exe
[2010/05/11 21:16:48 | 000,000,000 | ---D | C] -- C:\Users\Kieren\AppData\Roaming\LolClient
[2010/04/30 10:01:38 | 000,000,000 | ---D | C] -- C:\Users\Kieren\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/04/30 09:44:21 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010/04/30 09:44:20 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010/04/30 09:44:20 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010/04/30 09:44:20 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010/04/30 09:44:20 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010/04/30 09:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/30 09:40:49 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010/04/29 22:21:02 | 000,000,000 | ---D | C] -- C:\Users\Kieren\AppData\Local\PMB Files
[2010/04/29 22:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/04/29 22:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2007/02/02 08:06:34 | 000,483,328 | ---- | C] ( ) -- C:\Windows\System32\dlbcjswr.dll
[2007/02/02 07:55:30 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbccu.dll
[2006/12/20 19:08:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbcpmui.dll
[2006/12/20 19:06:58 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbcserv.dll
[2006/12/20 19:01:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbccomm.dll
[2006/12/20 18:59:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbclmpm.dll
[2006/12/20 18:58:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbciesc.dll
[2006/12/20 18:55:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbcpplc.dll
[2006/12/20 18:54:54 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbccomc.dll
[2006/12/20 18:54:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbcprox.dll
[2006/12/20 18:47:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbcinpa.dll
[2006/12/20 18:46:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlbcusb1.dll
[2006/12/20 18:42:36 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbchbn3.dll

========== Files - Modified Within 30 Days ==========

[2010/05/26 17:52:47 | 002,359,296 | -HS- | M] () -- C:\Users\Kieren\ntuser.dat
[2010/05/26 17:36:22 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/26 17:36:22 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/26 17:02:31 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1EF0E0D0-18BD-4006-B096-0041EB64F3F2}.job
[2010/05/26 17:00:03 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Program Check.job
[2010/05/26 14:58:30 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/26 14:50:26 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kieren\Desktop\mbam-setup-1.46.exe
[2010/05/26 14:43:10 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/26 14:43:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/26 13:43:44 | 000,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/26 13:43:44 | 000,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/26 13:43:44 | 000,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/26 13:36:47 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Startup.job
[2010/05/26 13:36:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/26 13:36:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/26 13:36:11 | 3219,628,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/26 13:29:00 | 003,699,648 | R--- | M] () -- C:\Users\Kieren\Desktop\ComboFix.exe
[2010/05/26 13:25:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/05/26 13:25:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/05/26 13:23:06 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{A61DA732-8105-47D8-A7C7-EC1E20B26F2C}
[2010/05/26 13:23:01 | 000,000,007 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{A61DA732-8105-47D8-A7C7-EC1E20B26F2C}
[2010/05/26 13:22:56 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/05/26 03:41:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/05/26 03:41:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/05/26 03:28:02 | 001,649,792 | -H-- | M] () -- C:\Users\Kieren\AppData\Local\IconCache.db
[2010/05/25 22:21:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/05/25 22:21:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/05/25 20:36:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/05/25 20:36:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/05/25 20:26:31 | 263,360,762 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/25 20:11:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/05/25 20:11:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/05/25 20:04:43 | 000,854,064 | ---- | M] (Symantec Corporation) -- C:\Users\Kieren\Desktop\Norton_Removal_Tool.exe
[2010/05/25 18:53:37 | 000,293,376 | ---- | M] () -- C:\Users\Kieren\Desktop\mk1lxwy0.exe
[2010/05/25 18:38:50 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Kieren\Desktop\OTL.exe
[2010/05/25 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2010/05/25 10:31:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/05/25 10:31:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/05/24 23:21:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/05/24 23:21:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/05/24 22:34:01 | 000,001,950 | ---- | M] () -- C:\Users\Kieren\Desktop\HiJackThis.lnk
[2010/05/24 22:33:45 | 001,402,880 | ---- | M] () -- C:\Users\Kieren\Documents\HiJackThis.msi
[2010/05/24 22:30:18 | 000,060,928 | ---- | M] () -- C:\Users\Kieren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/24 22:24:34 | 000,001,671 | ---- | M] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2010/05/24 22:21:20 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{17A275E0-A2A4-420C-8B11-5BC9491A683E}
[2010/05/24 22:20:46 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\SpeedyPC.lnk
[2010/05/24 22:14:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/05/24 22:14:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/05/24 22:14:02 | 000,000,007 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{17A275E0-A2A4-420C-8B11-5BC9491A683E}
[2010/05/24 20:25:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/05/24 20:25:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/05/24 20:17:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/05/24 20:17:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/05/24 20:17:15 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{28CBF4FB-3C8C-4DB7-AAA8-10F553AF6387}
[2010/05/24 20:17:04 | 000,000,007 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{28CBF4FB-3C8C-4DB7-AAA8-10F553AF6387}
[2010/05/24 20:08:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/05/24 20:08:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/05/24 18:12:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/05/24 18:12:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/05/24 12:13:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/05/24 12:13:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/05/24 05:55:11 | 000,000,170 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/05/24 05:04:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/05/24 05:04:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/05/24 04:46:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/05/24 04:46:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/05/24 04:13:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/05/24 04:13:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/05/24 03:31:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/05/24 03:31:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/05/24 03:25:52 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Privacy Controls_{4A15AFF5-3239-11DF-BEE9-001BB9D97FE5}.job
[2010/05/24 02:28:40 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/05/24 02:28:26 | 007,249,512 | ---- | M] (Microsoft Corporation) -- C:\Users\Kieren\Documents\mssefullinstall-x86fre-en-us-vista-win7.exe
[2010/05/23 01:55:56 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2010/05/21 09:52:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/05/21 09:52:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/05/17 08:31:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/05/17 08:31:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/05/14 18:33:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/05/14 18:33:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/05/12 21:51:03 | 000,002,231 | ---- | M] () -- C:\Users\Kieren\Desktop\iTunes.lnk
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/30 09:44:21 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/04/29 22:18:14 | 002,180,280 | ---- | M] () -- C:\Users\Kieren\Documents\LeagueOfLegendsDownloader.exe
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/05/26 14:58:30 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/26 13:30:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/26 13:30:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/26 13:30:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/26 13:30:26 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/26 13:30:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/26 13:29:00 | 003,699,648 | R--- | C] () -- C:\Users\Kieren\Desktop\ComboFix.exe
[2010/05/25 22:20:46 | 3219,628,032 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/25 20:25:50 | 263,360,762 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/25 18:53:25 | 000,293,376 | ---- | C] () -- C:\Users\Kieren\Desktop\mk1lxwy0.exe
[2010/05/24 22:34:01 | 000,001,950 | ---- | C] () -- C:\Users\Kieren\Desktop\HiJackThis.lnk
[2010/05/24 22:33:25 | 001,402,880 | ---- | C] () -- C:\Users\Kieren\Documents\HiJackThis.msi
[2010/05/24 22:27:58 | 000,003,284 | ---- | C] () -- C:\Windows\System32\ANIWZCS{A61DA732-8105-47D8-A7C7-EC1E20B26F2C}
[2010/05/24 22:25:09 | 000,000,007 | ---- | C] () -- C:\Windows\System32\ANIWZCSUSERNAME{A61DA732-8105-47D8-A7C7-EC1E20B26F2C}
[2010/05/24 22:24:46 | 000,262,144 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
[2010/05/24 22:24:45 | 000,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
[2010/05/24 22:24:34 | 000,001,671 | ---- | C] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2010/05/24 21:38:53 | 000,003,284 | ---- | C] () -- C:\Windows\System32\ANIWZCS{17A275E0-A2A4-420C-8B11-5BC9491A683E}
[2010/05/24 21:36:53 | 000,000,007 | ---- | C] () -- C:\Windows\System32\ANIWZCSUSERNAME{17A275E0-A2A4-420C-8B11-5BC9491A683E}
[2010/05/24 05:55:11 | 000,000,170 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/05/24 02:28:40 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/04/30 09:44:21 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/04/29 22:17:57 | 002,180,280 | ---- | C] () -- C:\Users\Kieren\Documents\LeagueOfLegendsDownloader.exe
[2009/05/21 22:38:43 | 000,847,360 | ---- | C] () -- C:\Windows\System32\JS32.dll
[2007/12/02 21:01:32 | 000,000,095 | ---- | C] () -- C:\Windows\dellstat.ini
[2007/09/11 18:01:43 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/09/11 18:01:43 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/07/19 09:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/02/02 08:06:10 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbccur.dll
[2007/02/02 07:55:10 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbcutil.dll
[2007/01/22 10:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbccoin.dll
[2006/12/14 00:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 00:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/12/01 14:43:08 | 000,000,089 | ---- | C] () -- C:\Windows\System32\FTD2XXUN.ini
[2005/10/05 15:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbcvs.dll
[2002/03/16 18:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000091.DLL

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2008/12/01 16:12:22 | 000,000,865 | ---- | M] () -- C:\A2Output2.xml
[2008/12/01 16:12:22 | 000,000,865 | ---- | M] () -- C:\A2Output6.xml
[2007/09/11 18:23:24 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/05/04 16:09:11 | 000,000,259 | ---- | M] () -- C:\BnetLog.txt
[2006/11/02 03:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2007/09/11 18:48:03 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/05/26 14:45:38 | 000,016,871 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/05/26 13:36:11 | 3219,628,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/26 13:36:08 | 3533,570,048 | -HS- | M] () -- C:\pagefile.sys
[2010/05/24 04:46:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/05/24 05:04:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/05/24 12:13:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/05/24 18:12:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/05/24 20:08:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/05/24 20:17:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/05/24 20:25:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/05/24 22:14:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/05/24 23:21:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/05/25 10:31:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/05/25 20:11:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/05/25 20:36:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/05/25 22:21:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/05/26 03:41:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/05/26 13:25:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/05/14 18:33:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/05/17 08:31:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/05/21 09:52:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/05/24 03:31:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/05/24 04:13:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/05/24 04:46:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/05/24 05:04:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/05/24 12:13:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/05/24 18:12:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/05/24 20:08:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/05/24 20:17:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/05/24 20:25:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/05/24 22:14:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/05/24 23:21:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/05/25 10:31:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/05/25 20:11:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/05/25 20:36:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/05/25 22:21:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/05/26 03:41:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/05/26 13:25:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/05/14 18:33:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/05/17 08:31:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/05/21 09:52:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/05/24 03:31:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/05/24 04:13:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/09 10:49:34 | 000,347,136 | ---- | M] (Microsoft Corporation)* Unable to obtain MD5* -- C:\Windows\System32\dxtmsft.dll
[2010/03/09 10:49:34 | 000,214,528 | ---- | M] (Microsoft Corporation)* Unable to obtain MD5* -- C:\Windows\System32\dxtrans.dll
[2010/03/09 10:50:34 | 000,192,512 | ---- | M] (Microsoft Corporation)* Unable to obtain MD5* -- C:\Windows\System32\iepeers.dll
[2006/11/02 03:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation)* Unable to obtain MD5* -- C:\Windows\System32\rsaenh.dll
[2007/09/11 18:53:26 | 000,223,232 | ---- | M] (Microsoft Corporation)* Unable to obtain MD5* -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 04:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /180 >
[2010/02/20 15:30:16 | 000,396,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MpFilter.sys
[2009/12/02 15:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MpNWMon.sys
[2010/02/23 07:14:41 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 07:14:51 | 000,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 07:14:42 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/12/11 06:15:49 | 000,306,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/12/11 06:15:30 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/02/18 06:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 06:04:30 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2010/02/18 06:04:38 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4B7BEAFF
< End of report >


----------



## SweetTech (Jan 1, 1970)

How are things running?


----------



## Staminize (May 25, 2010)

Things are running real well as of now. although i never felt real significant problems in general speed of my computer, there have been random crashes/shutdowns and program freezing in the past (more frequent as of lately). do we still have work to do?


----------



## SweetTech (Jan 1, 1970)

Hello,

*Update Adobe Reader*
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
 Go to

*Start* > *Control Panel* > *Add/Remove Programs*
 Remove ALL instances of Adobe Reader
 Re-boot your computer as required.
 Once ALL versions of Adobe Reader have been uninstalled, visit: *

<<here>>* and download the latest version of Adobe Reader
*Alternative Option:* after

uninstalling Adobe Reader, you could try installing Foxit Reader from

*>here<* Foxit Reader has

fewer add-ons therefore loads more quickly.

*NEXT:*

*Java Outdated*
*Your Java is out of date.* *Older versions have vulnerabilities that malicious sites can use to

exploit and infect your system.* Please follow these steps to remove older version Java components and update:


Download the latest version of *Java Runtime

Environment (JRE) Version 6* and save it to your desktop.
Look for "*JDK 6 Update 20 (JDK or JRE)*".
Click the "*Download JRE*" button to the right.
Select your Platform: "_Windows_".
Select your Language: "_Multi-language_".
Read the License Agreement, and then check the box that says: "_Accept License Agreement_".
Click *Continue* and the page will refresh.
Under Required Files, check the box for *Windows Offline Installation*, click the link below it and save the file

to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel,

double-click on *Add/Remove Programs

* and remove *all* older versions of Java.
Check (_highlight_) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the *Remove* or *Change/Remove* button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on *jre-6u20-windows-i586.exe* to install the newest version.
If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then

Run As Administrator.
When the _Java Setup - Welcome_ window opens, click the *Install >* button.
If offered to install a Toolbar, just *uncheck* the box before continuing unless you want it.
_

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses

Enhanced Auto update to

automatically remove the previous version when updating to a later update release. It will not remove older versions, so

they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the

Java Automatic Update

 feature and you will not have to remember to update when Java releases a new version._

Note: 
The *Java Quick Starter

(JQS.exe)* adds a service to improve the initial startup time of Java applets and applications. 
To _*disable the JQS service*_ if you don't want to use it, go to Start > Control Panel > Java > Advanced >

Miscellaneous and *uncheck* the box for *Java Quick Starter*.
Click Ok and reboot your computer.

*NEXT*

*Clean Java Cache & Temporary Files*

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks

like a coffee cup)
On the General tab, under Temporary Internet Files, click the *Settings* button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - *Leave BOTH Checked*
*Applications and AppletsTrace

and Log Files*

Click OK on Delete Temporary Files Window

*Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.*
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.


*NEXT:*

*OTL Fix*

*We need to run an OTL Fix*

Please reopen







on your

desktop.
*Copy* and *Paste* the following code into the http://billy-oneal.com/Canned

%20Speeches/speechimages/OTL/customFix.png textbox. Do not include the word "*Code*"


```
:Services
:OTL
SRV - (wudfsvcISPwdSvc) -- File not found
SRV - (WPDBusEnum Notice Service) -- File not found
SRV - (slsvcWMPNetworkSvc) -- File not found
SRV - (plaEMDMgmt) -- File not found
SRV - (Bonjour Service) -- File not found
DRV - (catchme) -- File not found
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2010/05/26 14:50:25 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kieren\Desktop\mbam-setup-1.46.exe
[2010/05/25 20:04:43 | 000,854,064 | ---- | C] (Symantec Corporation) -- C:\Users\Kieren\Desktop\Norton_Removal_Tool.exe
[2010/05/25 18:53:37 | 000,293,376 | ---- | M] () -- C:\Users\Kieren\Desktop\mk1lxwy0.exe
[2002/03/16 18:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000091.DLL
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4B7BEAFF
:Files
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6000.16386_none_e807064fdf2a97e3\tdx.sys
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]
```

*Push*








*OTL may ask to reboot the machine. Please do so if asked.*
*Click*







.
A report will open. *Copy* and *Paste* that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the

date of the tool run.

*NEXT:*

*Post the log that is produced after running the OTL fix.*


----------



## Staminize (May 25, 2010)

I would just like to add in regards to how my computer is running that while uninstalling the old adobe reader windows explorer stopped working twice within a 2 minute period, reloaded the desktop both times. i will continue your steps and post when able


----------



## SweetTech (Jan 1, 1970)

Okay.


----------



## Staminize (May 25, 2010)

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service wudfsvcISPwdSvc stopped successfully!
Service wudfsvcISPwdSvc deleted successfully!
File File not found not found.
Service WPDBusEnum Notice Service stopped successfully!
Service WPDBusEnum Notice Service deleted successfully!
File File not found not found.
Service slsvcWMPNetworkSvc stopped successfully!
Service slsvcWMPNetworkSvc deleted successfully!
File File not found not found.
Service plaEMDMgmt stopped successfully!
Service plaEMDMgmt deleted successfully!
File File not found not found.
Service Bonjour Service stopped successfully!
Service Bonjour Service deleted successfully!
File File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Users\Kieren\Desktop\mbam-setup-1.46.exe moved successfully.
C:\Users\Kieren\Desktop\Norton_Removal_Tool.exe moved successfully.
C:\Users\Kieren\Desktop\mk1lxwy0.exe moved successfully.
C:\Windows\UA000091.DLL moved successfully.
ADS C:\ProgramData\TEMP:4B7BEAFF deleted successfully.
========== FILES ==========
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6000.16386_none_e807064fdf2a97e3\tdx.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kieren
->Temp folder emptied: 3374558 bytes
->Temporary Internet Files folder emptied: 46399141 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 439 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70358 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 48.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kieren
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.5.0 log created on 05262010_195152
Files\Folders moved on Reboot...
File move failed. C:\Users\Kieren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SH0941\5XJPCA8E91JCCA9I6QMRCATPU07HCAUXFZDPCAH8T73SCAAKHG5HCA0J676DCA97DC8UCA5LO6SCCAZAJVE1CAHIW2AVCAE9AXFICAIDGSWTCAZL03NYCAWUKP6QCA8BGHHNCAHEHNVICAB73E6WCAZZYE97.htm scheduled to be moved on reboot.
File move failed. C:\Users\Kieren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SH0941\DKIZCAOV2NAHCA6QSDQGCAN459Y7CA5C2MDUCA355HUQCAJBW222CA44NPF2CA9DSF95CA7GV3VQCAG8VBYBCAQAPA52CAPMZXM6CAC1KBYDCAV7WHR6CAPUI14QCAY6Z4UFCAMHMEQ3CA33WBTBCAA997LC.htm scheduled to be moved on reboot.
C:\Users\Kieren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OYLBJW0L\925071-virus-win32-alureon-h-2[2].htm moved successfully.
File move failed. C:\Users\Kieren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OYLBJW0L\QOY6CA29R7RYCA7HE2OHCAACF8MECAVD8RQNCAZWLPZPCABICN58CA3MIZIPCAK0C2XLCACXWL3RCALJ1I1ICAB823MDCACUI7M0CA3F73IACAJFLNF8CA4EUNUOCAPNT2P9CAXSDB7ACAPIHPL0CAU2DF7V.htm scheduled to be moved on reboot.
C:\Users\Kieren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OYLBJW0L\sh18[1].htm moved successfully.
File move failed. C:\Users\Kieren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OYLBJW0L\XSQMCACANVL5CARSKUO2CAOCAUUACAD4CPV4CAGJ2IWVCA21WR47CALN1OMJCAJUFEBBCAHJZVMECAVE0KAMCARL003ZCABS63KRCAZLDSWYCAL15NI5CAE200ELCA1WLH4SCAHI235ECA1VHVAICAJBH5P2.htm scheduled to be moved on reboot.
File move failed. C:\Users\Kieren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GBWEMPS5\HB0MCAF062JKCAD8148PCATL87FDCAGD05KNCAY8KRDACAH4L1XJCAEX7MT4CASRWN2BCAWFN6UPCAC2KLKZCAQM8HIOCAL8AA73CAB7KQBFCAYRDDG6CAWV4NJICATMYOS2CATOTSHJCAD0CZQICAVRPB1U.htm scheduled to be moved on reboot.
File move failed. C:\Users\Kieren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GBWEMPS5\HYQQCAJETE8NCA4VGUZDCARRQZNDCAPH74ITCAZN4TYGCABY5V2ZCAUTSUHDCA7E0ZHLCAZMNDLWCA55FRE3CA8RGN90CA3YKUMECAPUGN6TCA1CSL1KCAGCMN9JCAAV90JKCA6BG4QZCACH0A14CASUGYS7.htm scheduled to be moved on reboot.
File move failed. C:\Users\Kieren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GBWEMPS5\SH0JCA1V6PTJCA0Z75M4CAZ3AXWSCAFDHVQRCANMW1MBCAJ7AQUKCAX27LQTCA333IPDCA7RST9KCAXIG9PPCA2IJA3KCA5VJ5QDCAITIJPYCAMI5PCWCAYG8O1ACAIYRFV7CAIB8X0PCAW6D369CA6RBBSG.htm scheduled to be moved on reboot.
C:\Users\Kieren\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
Registry entries deleted on Reboot...


----------



## SweetTech (Jan 1, 1970)

Hello,

*If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.*

*NEXT:*

*Time for some housekeeping*
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: *ComboFix /Uninstall *

*NEXT:*

*OTL Clean-Up*
Clean up with *OTL:*

Double-click *OTL.exe* to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the *CLEANUP* button
Say *Yes* to the prompt and then allow the program to reboot your computer.
*If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.*

*NEXT:*

*All Clean Speech*

*===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===*​Below I have included a number of recommendations for how to protect your computer against malware infections.

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article*
Strong passwords: How to create and use them* then consider a *password keeper,* to keep all your passwords safe.

Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

*SpywareBlaster* protects against bad ActiveX, it immunizes your PC against them.

*SpywareGuard* offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

*Make Internet Explorer more secure*
Click *Start* > *Run*
Type *Inetcpl.cpl* & click *OK*
Click on the *Security* tab
Click *Reset all zones to default level*
Make sure the *Internet Zone* is selected & Click *Custom level*
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click *OK*, then *Apply* button and then *OK* to exit the Internet Properties page.

*ATF Cleaner* - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

*MVPS Hosts file* replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
*WOT*, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
*Green* to go
*Yellow* for caution
*Red* to stop
WOT has an addon available for both Firefox and IE
Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from *Here*
If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
*NoScript* - for blocking ads and other potential website attacks


*Keep a backup of your important files* - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

*ERUNT* (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
*Think Prevention.*
*PC Safety and Security--What Do I Need?.*

***Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. *

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.


----------



## Staminize (May 25, 2010)

i have cleaned up as necissary and will definatly consider Firefox as an alternative browser. Thank you for your swift and smooth assistance!


----------



## SweetTech (Jan 1, 1970)

You are more than welcome.

Stay Safe & Stay Clean.

Cheers,
SweetTech.


----------

