# Google Redirects and CHKDSK on reboot



## brad33 (May 31, 2011)

Google searches redirect me and CHKDSK wants to run every time I restart my computer. Here is a HijackThis logfile.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:58:11 PM, on 5/31/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Brad\Downloads\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59354
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll (file missing)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll (file missing)
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: dlbt_device - - C:\Windows\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 4681 bytes


----------



## eddie5659 (Mar 19, 2001)

Hiya and welcome to Tech Support Guy 

We'll look at the CHKDSK in a bit, as it may/may not be related to the malware.

Firstly, can you do the following for me:

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen.
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*.
On the left, make sure you check *C:\Fixed Drive*.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click "*Next*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
_Please copy and paste the Scan Log results in your next reply._

Click *Close* to exit the program.

Please include the *MBAM log, SUPERAntiSpyware Scan Log and a fresh HijackThis log* in your next reply.

eddie


----------



## brad33 (May 31, 2011)

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6741

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

6/1/2011 3:18:54 AM
mbam-log-2011-06-01 (03-18-54).txt

Scan type: Full scan (C:\|)
Objects scanned: 333239
Time elapsed: 1 hour(s), 12 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/01/2011 at 05:32 AM

Application Version : 4.53.1000

Core Rules Database Version : 7174
Trace Rules Database Version: 4986

Scan type : Complete Scan
Total Scan Time : 00:47:44

Memory items scanned : 758
Memory threats detected : 0
Registry items scanned : 8238
Registry threats detected : 0
File items scanned : 32569
File threats detected : 132

Adware.Tracking Cookie

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:03:49 AM, on 6/1/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brad\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59354
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll (file missing)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll (file missing)
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: dlbt_device - - C:\Windows\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 5017 bytes


----------



## eddie5659 (Mar 19, 2001)

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it, rename it to username123.exe and save it to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## brad33 (May 31, 2011)

ComboFix 11-05-27.02 - Brad 06/01/2011 14:33:04.1.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3325.1879 [GMT -5:00]
Running from: c:\users\Brad\Desktop\username123.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brad\AppData\Local\{6A66252C-662A-49E7-A337-EEE62260E23D}
c:\users\Brad\AppData\Local\{6A66252C-662A-49E7-A337-EEE62260E23D}\chrome\content\overlay.xul
c:\users\Brad\AppData\Local\{6A66252C-662A-49E7-A337-EEE62260E23D}\install.rdf
c:\users\Brad\AppData\Roaming\.#
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Cookies\8419389na.t.vir
.
.
((((((((((((((((((((((((( Files Created from 2011-05-01 to 2011-06-01 )))))))))))))))))))))))))))))))
.
.
2011-06-01 19:18 . 2011-06-01 19:18 -------- d-----w- c:\users\Brad\AppData\Local\{16398A33-9EA1-40DA-98F7-4CC308BF1AF6}
2011-06-01 07:17 . 2011-06-01 07:18 -------- d-----w- c:\users\Brad\AppData\Local\{843475BB-6E29-4E70-AED9-64D222A1267C}
2011-05-31 19:17 . 2011-05-31 19:17 -------- d-----w- c:\users\Brad\AppData\Local\{7F2FFC11-5C5E-4C27-93E5-43DA3AABB288}
2011-05-31 04:48 . 2011-05-31 04:49 -------- d-----w- c:\users\Brad\AppData\Local\{53EEA9A2-800F-453A-87FC-82CCDD5A9450}
2011-05-30 16:48 . 2011-05-30 16:48 -------- d-----w- c:\users\Brad\AppData\Local\{C7A4DC46-D96B-4512-BE2A-3C7189CFF23B}
2011-05-30 07:11 . 2011-05-30 07:11 -------- d-----w- c:\program files\Common Files\Java
2011-05-30 06:13 . 2011-05-30 06:13 -------- d-----w- c:\users\Brad\AppData\Roaming\SUPERAntiSpyware.com
2011-05-30 06:13 . 2011-05-30 06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-30 06:13 . 2011-06-01 09:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-30 04:48 . 2011-05-30 04:48 -------- d-----w- c:\users\Brad\AppData\Local\{2A5C3F06-A9D9-4B2A-A92F-E6E6C78AE1C9}
2011-05-29 16:47 . 2011-05-29 16:47 -------- d-----w- c:\users\Brad\AppData\Local\{1068D63A-6B6F-456D-8607-84F1B5A1188B}
2011-05-29 04:46 . 2011-05-29 04:46 -------- d-----w- c:\users\Brad\AppData\Local\{766D68F8-D04F-406C-85D0-A297337B0843}
2011-05-29 04:17 . 2011-05-29 04:17 0 ----a-w- c:\users\Brad\AppData\Local\Dsijesuxitokesik.bin
2011-05-28 16:40 . 2011-05-28 16:40 -------- d-----w- c:\users\Brad\AppData\Local\{8FD78456-9F74-48AD-B146-F182630E352E}
2011-05-28 04:40 . 2011-05-28 04:40 -------- d-----w- c:\users\Brad\AppData\Local\{EECC9271-B5A5-464D-A6F6-32C89CAC4C05}
2011-05-27 16:40 . 2011-05-27 16:40 -------- d-----w- c:\users\Brad\AppData\Local\{ECB79983-B42A-4011-8464-1C234B28D7E0}
2011-05-27 04:39 . 2011-05-27 04:39 -------- d-----w- c:\users\Brad\AppData\Local\{68B8DFF6-BFD5-4C55-ABC2-3BE41C17F2FE}
2011-05-26 16:39 . 2011-05-26 16:39 -------- d-----w- c:\users\Brad\AppData\Local\{31B60BB9-D976-4AC7-A116-7AA46CE8BB3D}
2011-05-26 04:38 . 2011-05-26 04:38 -------- d-----w- c:\users\Brad\AppData\Local\{60779FCA-A12F-4549-98AE-23D71B197CE1}
2011-05-25 16:37 . 2011-05-25 16:38 -------- d-----w- c:\users\Brad\AppData\Local\{A647C6E9-A9EE-47A7-9EC7-562F01B0DB62}
2011-05-25 04:37 . 2011-05-25 04:37 -------- d-----w- c:\users\Brad\AppData\Local\{1BA2C955-1AF4-4825-8AE1-7543467CECD7}
2011-05-24 16:37 . 2011-05-24 16:37 -------- d-----w- c:\users\Brad\AppData\Local\{C274C761-CA32-4DCB-8FA3-24713021C005}
2011-05-24 04:36 . 2011-05-24 04:36 -------- d-----w- c:\users\Brad\AppData\Local\{21093A7B-BF59-4DFE-9167-60B085072FA0}
2011-05-23 16:36 . 2011-05-23 16:36 -------- d-----w- c:\users\Brad\AppData\Local\{99DD3876-BD21-43B7-A23A-04AFAF926D53}
2011-05-23 08:18 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A25ED064-1345-4550-92D1-4131ACEA652E}\mpengine.dll
2011-05-23 04:35 . 2011-05-23 04:36 -------- d-----w- c:\users\Brad\AppData\Local\{4C43F296-8506-45BA-9F58-72356C9E60C1}
2011-05-22 16:35 . 2011-05-22 16:35 -------- d-----w- c:\users\Brad\AppData\Local\{BBB4953C-8C79-4AF1-BB6B-407608D231A4}
2011-05-22 04:35 . 2011-05-22 04:35 -------- d-----w- c:\users\Brad\AppData\Local\{0F890556-D054-42D5-8338-44E62ECD794E}
2011-05-22 00:23 . 2011-05-22 00:23 -------- d-----w- c:\users\Brad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-05-22 00:21 . 2011-05-22 00:21 -------- d-----w- c:\programdata\EA Core
2011-05-21 16:34 . 2011-05-21 16:34 -------- d-----w- c:\users\Brad\AppData\Local\{BA1F462D-F47B-47B6-A6FA-710921B2D4E4}
2011-05-21 04:34 . 2011-05-21 04:34 -------- d-----w- c:\users\Brad\AppData\Local\{9E0DFA6D-C338-4E03-8933-C54A18F15AD9}
2011-05-20 16:33 . 2011-05-20 16:34 -------- d-----w- c:\users\Brad\AppData\Local\{A5C148D2-00CB-449A-B51E-61479D2FFF28}
2011-05-20 04:33 . 2011-05-20 04:33 -------- d-----w- c:\users\Brad\AppData\Local\{00B1EFFC-ED38-4562-9E12-8F6A37B4BCD8}
2011-05-19 16:32 . 2011-05-19 16:32 -------- d-----w- c:\users\Brad\AppData\Local\{D8089E57-8FA0-4770-B115-6CD2532C2243}
2011-05-19 04:32 . 2011-05-19 04:32 -------- d-----w- c:\users\Brad\AppData\Local\{B37ECC41-FAB5-418D-AEB4-F9AF527FB843}
2011-05-18 16:31 . 2011-05-18 16:31 -------- d-----w- c:\users\Brad\AppData\Local\{98C1217B-48B4-4940-8685-6807CAAB268D}
2011-05-18 08:57 . 2011-05-18 08:57 -------- d-----w- c:\programdata\ATI
2011-05-18 04:31 . 2011-05-18 04:31 -------- d-----w- c:\users\Brad\AppData\Local\{7B9FE8D7-261B-4F16-9908-0A36A20ACC88}
2011-05-17 16:30 . 2011-05-17 16:31 -------- d-----w- c:\users\Brad\AppData\Local\{CD24BEF0-5EFB-4437-A297-E88BFAD304EB}
2011-05-17 04:30 . 2011-05-17 04:30 -------- d-----w- c:\users\Brad\AppData\Local\{274E3E66-39C1-448C-B515-9F9B78397FEC}
2011-05-16 20:29 . 2011-05-16 20:38 -------- d-----w- c:\program files\Dragon Age 2
2011-05-16 16:30 . 2011-05-16 16:30 -------- d-----w- c:\users\Brad\AppData\Local\{FEABAE9E-A84D-4012-ABCC-48A8E7AB341F}
2011-05-16 04:29 . 2011-05-16 04:30 -------- d-----w- c:\users\Brad\AppData\Local\{6D253EA0-BD71-4DA3-993F-A26AD1540427}
2011-05-15 16:29 . 2011-05-15 16:29 -------- d-----w- c:\users\Brad\AppData\Local\{65189A41-4941-4DDC-A2AB-03B285655734}
2011-05-15 04:29 . 2011-05-15 04:29 -------- d-----w- c:\users\Brad\AppData\Local\{5A9B0755-2788-4F23-A73F-DC1C04998628}
2011-05-14 16:29 . 2011-05-14 16:29 -------- d-----w- c:\users\Brad\AppData\Local\{4FE45DE4-E590-4702-942B-46EA2F23814F}
2011-05-14 04:28 . 2011-05-14 04:28 -------- d-----w- c:\users\Brad\AppData\Local\{33C7D5CE-8308-4D00-992F-4A4D36AE10E5}
2011-05-13 16:28 . 2011-05-13 16:28 -------- d-----w- c:\users\Brad\AppData\Local\{40DEF8BB-5A77-47E5-B89F-3BBD30FF1A16}
2011-05-13 04:27 . 2011-05-13 04:27 -------- d-----w- c:\users\Brad\AppData\Local\{F84F34A0-460D-40BC-A5BA-76D5D2E64F43}
2011-05-12 18:34 . 2011-05-12 18:34 -------- d-----w- c:\users\Brad\AppData\Local\SKIDROW
2011-05-12 18:07 . 2011-05-12 18:07 -------- d-----w- c:\program files\Valve
2011-05-12 16:26 . 2011-05-12 16:27 -------- d-----w- c:\users\Brad\AppData\Local\{87312648-5F6D-4EC0-8A43-502A5591030A}
2011-05-12 04:26 . 2011-05-12 04:26 -------- d-----w- c:\users\Brad\AppData\Local\{63E0B332-F482-40CB-AA11-59E10289BE45}
2011-05-11 16:26 . 2011-05-11 16:26 -------- d-----w- c:\users\Brad\AppData\Local\{692095CE-1320-4A8A-A6D1-4A99400DE9FE}
2011-05-11 01:14 . 2011-05-11 01:14 -------- d-----w- c:\users\Brad\AppData\Local\{9D7D47C8-E6B5-4526-943D-3EFDF1FA51A9}
2011-05-10 13:14 . 2011-05-10 13:14 -------- d-----w- c:\users\Brad\AppData\Local\{F99A1C21-A8D0-44C2-8847-E83030F1B1CE}
2011-05-10 07:47 . 2011-05-10 07:51 -------- d-----w- c:\program files\Portal
2011-05-10 02:17 . 2011-05-10 02:17 -------- d-----w- c:\program files\uTorrent
2011-05-10 02:14 . 2011-05-22 00:26 -------- d-----w- c:\users\Brad\AppData\Roaming\uTorrent
2011-05-10 01:13 . 2011-05-10 01:14 -------- d-----w- c:\users\Brad\AppData\Local\{E48A2E8D-B2E6-4F2E-993A-3C2C55C53BC7}
2011-05-09 13:13 . 2011-05-09 13:13 -------- d-----w- c:\users\Brad\AppData\Local\{0A56ADE9-426D-417D-87CA-98DBAF708C15}
2011-05-09 01:13 . 2011-05-09 01:13 -------- d-----w- c:\users\Brad\AppData\Local\{8D922D81-04E6-49DC-B91C-7EB6C76381EF}
2011-05-08 13:13 . 2011-05-08 13:13 -------- d-----w- c:\users\Brad\AppData\Local\{DA0108CB-405F-4D2E-A579-79E682BDB745}
2011-05-08 01:12 . 2011-05-08 01:12 -------- d-----w- c:\users\Brad\AppData\Local\{4B516019-3947-4872-985C-F6AB3FA4824A}
2011-05-07 13:12 . 2011-05-07 13:12 -------- d-----w- c:\users\Brad\AppData\Local\{D48D1D77-B23E-4195-8CC3-ECF64C28600A}
2011-05-07 01:11 . 2011-05-07 01:12 -------- d-----w- c:\users\Brad\AppData\Local\{37EB32D4-76EC-4430-8617-146F265D6F73}
2011-05-06 13:11 . 2011-05-06 13:11 -------- d-----w- c:\users\Brad\AppData\Local\{8AA2E484-0736-4491-81FF-F09B84F143B8}
2011-05-06 01:11 . 2011-05-06 01:11 -------- d-----w- c:\users\Brad\AppData\Local\{B4DFDD30-FBA3-44BA-AFC2-22B9445D9D27}
2011-05-05 13:11 . 2011-05-05 13:11 -------- d-----w- c:\users\Brad\AppData\Local\{20AAA1C0-9ABE-4DC9-9676-0E6E1D16C762}
2011-05-05 08:12 . 2011-05-05 08:12 -------- d-----w- c:\program files\DDO Standard Res Install Files
2011-05-05 01:10 . 2011-05-05 01:10 -------- d-----w- c:\users\Brad\AppData\Local\{CA9CDD63-876B-4220-90C4-8E09F501B789}
2011-05-04 13:10 . 2011-05-04 13:10 -------- d-----w- c:\users\Brad\AppData\Local\{96B1E6B6-8A5E-467D-B26D-081ADBD914BD}
2011-05-04 01:09 . 2011-05-04 01:09 -------- d-----w- c:\users\Brad\AppData\Local\{15F134C2-7D53-4E7E-8EB0-D9A7568F5FDE}
2011-05-03 13:09 . 2011-05-03 13:09 -------- d-----w- c:\users\Brad\AppData\Local\{AD13F659-C6A5-43A6-B759-6DE3C1F5D7CC}
2011-05-03 01:08 . 2011-05-03 01:09 -------- d-----w- c:\users\Brad\AppData\Local\{66D22E9B-AB61-42DB-BC52-176AD7290B24}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 14:11 . 2009-12-14 03:37 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2009-12-14 03:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 02:43 . 2011-04-20 02:43 7772160 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 02:09 . 2011-04-20 02:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 02:09 . 2010-05-27 17:02 676864 ----a-w- c:\windows\system32\aticfx32.dll
2011-04-20 02:07 . 2011-04-20 02:07 17693184 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:05 . 2011-04-20 02:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:04 . 2011-04-20 02:04 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 02:04 . 2011-04-20 02:04 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 02:02 . 2011-04-20 02:02 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 02:02 . 2011-04-20 02:02 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 02:02 . 2011-04-20 02:02 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:59 . 2010-11-26 02:49 4161536 ----a-w- c:\windows\system32\atidxx32.dll
2011-04-20 01:46 . 2011-04-20 01:46 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 01:46 . 2011-04-20 01:46 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 01:42 . 2011-04-20 01:42 6389760 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 01:40 . 2011-04-20 01:40 1923584 ----a-w- c:\windows\system32\atiumdmv.dll
2011-04-20 01:38 . 2010-03-03 03:46 4286464 ----a-w- c:\windows\system32\atiumdag.dll
2011-04-20 01:30 . 2011-04-20 01:30 4056576 ----a-w- c:\windows\system32\atiumdva.dll
2011-04-20 01:26 . 2010-03-03 03:23 52736 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 01:23 . 2011-04-20 01:23 262144 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 243712 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 01:21 . 2010-11-26 02:15 31232 ----a-w- c:\windows\system32\atiuxpag.dll
2011-04-20 01:21 . 2010-03-03 03:06 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-04-20 01:21 . 2010-03-03 03:06 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2011-04-20 01:20 . 2011-04-20 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-03-10 17:03 . 2011-04-25 08:25 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-25 08:25 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-09 21:12 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-01 00:26 . 2011-05-31 18:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-07 180224]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvgUninstallURL]
start http: [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2009-06-03 18:19 25600 ----a-w- c:\windows\System32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-05-04 09:34 3050392 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-28 18:30 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1455944489-3012744293-3388263478-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-03 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-03 72728]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-15 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-11-17 97296]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-03 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-03 72728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:59354
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\cfre9ha0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-01 14:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-01 14:42:44
ComboFix-quarantined-files.txt 2011-06-01 19:42
.
Pre-Run: 8,770,973,696 bytes free
Post-Run: 8,699,113,472 bytes free
.
- - End Of File - - 30E4FC8FBC2899B3988A34349840A760


----------



## eddie5659 (Mar 19, 2001)

I know you're friends with fyzidrank, but are you by any chance sharing the same network?

The reason I ask is that there is something in your log that is very similar to his, so if it's the same network, that could be a starting point for me to look at as well, for both of you.

If not, it may be something else, of which I'll still look at now 

-------
*P2P Warning!*


*IMPORTANT* I notice there are signs of one or more *P2P (Person to Person) File Sharing Programs* on your computer.

* µTorrent

Please note that as long as you are using any form of *Peer-to-Peer networking* and *downloading files* from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the *Guidelines for P2P Programs* where we explain why it's not a good idea to have them.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Cyber Education Letter
File sharing infects 500,000 computers 
USAToday

I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via *Control Panel >> Add or Remove Programs*.

*If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.*

---------------

Now that's out of the way, let's continue.

Uninstall these programs because they're not needed or are outdated or are dangerous to use.
If any can't be installed, let me know, but carry on with the rest of the uninstall and the programs below. We can look at any that couldn't be uninstalled later 
Optimizers, boosters, cleaners, etc. are basically useless and a waste of money and can do more harm than good.

Reading these links might also put you off such progs:

http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

http://www.edbott.com/weblog/?p=643

*Media Booster
Spybot - Search & Destroy*

-------------------------

Can you firstly run this for me:

Please download *GooredFix* from one of the locations below and *save it to your Desktop*
*Download Mirror #1*
*Download Mirror #2*

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select *Run As Administrator* (Vista).
When prompted to run the scan, click *Yes*.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

--------------------

After doing that, can you then do this (the log file produced may be long, so upload it)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:dir
c:\users\Brad\AppData\Local\{16398A33-9EA1-40DA-98F7-4CC308BF1AF6}
c:\users\Brad\AppData\Local\{843475BB-6E29-4E70-AED9-64D222A1267C}
c:\users\Brad\AppData\Local\{7F2FFC11-5C5E-4C27-93E5-43DA3AABB288}
c:\users\Brad\AppData\Local\{53EEA9A2-800F-453A-87FC-82CCDD5A9450}
c:\users\Brad\AppData\Local\{C7A4DC46-D96B-4512-BE2A-3C7189CFF23B}
c:\users\Brad\AppData\Local\{2A5C3F06-A9D9-4B2A-A92F-E6E6C78AE1C9}
c:\users\Brad\AppData\Local\{1068D63A-6B6F-456D-8607-84F1B5A1188B}
c:\users\Brad\AppData\Local\{766D68F8-D04F-406C-85D0-A297337B0843}
c:\users\Brad\AppData\Local\{8FD78456-9F74-48AD-B146-F182630E352E}
c:\users\Brad\AppData\Local\{EECC9271-B5A5-464D-A6F6-32C89CAC4C05}
c:\users\Brad\AppData\Local\{ECB79983-B42A-4011-8464-1C234B28D7E0}
c:\users\Brad\AppData\Local\{68B8DFF6-BFD5-4C55-ABC2-3BE41C17F2FE}
c:\users\Brad\AppData\Local\{31B60BB9-D976-4AC7-A116-7AA46CE8BB3D}
c:\users\Brad\AppData\Local\{60779FCA-A12F-4549-98AE-23D71B197CE1}
c:\users\Brad\AppData\Local\{A647C6E9-A9EE-47A7-9EC7-562F01B0DB62}
c:\users\Brad\AppData\Local\{1BA2C955-1AF4-4825-8AE1-7543467CECD7}
c:\users\Brad\AppData\Local\{C274C761-CA32-4DCB-8FA3-24713021C005}
c:\users\Brad\AppData\Local\{21093A7B-BF59-4DFE-9167-60B085072FA0}
c:\users\Brad\AppData\Local\{99DD3876-BD21-43B7-A23A-04AFAF926D53}
c:\users\Brad\AppData\Local\{4C43F296-8506-45BA-9F58-72356C9E60C1}
c:\users\Brad\AppData\Local\{BBB4953C-8C79-4AF1-BB6B-407608D231A4}
c:\users\Brad\AppData\Local\{0F890556-D054-42D5-8338-44E62ECD794E}
c:\users\Brad\AppData\Local\{BA1F462D-F47B-47B6-A6FA-710921B2D4E4}
c:\users\Brad\AppData\Local\{9E0DFA6D-C338-4E03-8933-C54A18F15AD9}
c:\users\Brad\AppData\Local\{A5C148D2-00CB-449A-B51E-61479D2FFF28}
c:\users\Brad\AppData\Local\{00B1EFFC-ED38-4562-9E12-8F6A37B4BCD8}
c:\users\Brad\AppData\Local\{D8089E57-8FA0-4770-B115-6CD2532C2243}
c:\users\Brad\AppData\Local\{B37ECC41-FAB5-418D-AEB4-F9AF527FB843}
c:\users\Brad\AppData\Local\{98C1217B-48B4-4940-8685-6807CAAB268D}
c:\users\Brad\AppData\Local\{7B9FE8D7-261B-4F16-9908-0A36A20ACC88}
c:\users\Brad\AppData\Local\{CD24BEF0-5EFB-4437-A297-E88BFAD304EB}
c:\users\Brad\AppData\Local\{274E3E66-39C1-448C-B515-9F9B78397FEC}
c:\users\Brad\AppData\Local\{FEABAE9E-A84D-4012-ABCC-48A8E7AB341F}
c:\users\Brad\AppData\Local\{6D253EA0-BD71-4DA3-993F-A26AD1540427}
c:\users\Brad\AppData\Local\{65189A41-4941-4DDC-A2AB-03B285655734}
c:\users\Brad\AppData\Local\{5A9B0755-2788-4F23-A73F-DC1C04998628}
c:\users\Brad\AppData\Local\{4FE45DE4-E590-4702-942B-46EA2F23814F}
c:\users\Brad\AppData\Local\{33C7D5CE-8308-4D00-992F-4A4D36AE10E5}
c:\users\Brad\AppData\Local\{40DEF8BB-5A77-47E5-B89F-3BBD30FF1A16}
c:\users\Brad\AppData\Local\{F84F34A0-460D-40BC-A5BA-76D5D2E64F43}
c:\users\Brad\AppData\Local\{87312648-5F6D-4EC0-8A43-502A5591030A}
c:\users\Brad\AppData\Local\{63E0B332-F482-40CB-AA11-59E10289BE45}
c:\users\Brad\AppData\Local\{692095CE-1320-4A8A-A6D1-4A99400DE9FE}
c:\users\Brad\AppData\Local\{9D7D47C8-E6B5-4526-943D-3EFDF1FA51A9}
c:\users\Brad\AppData\Local\{F99A1C21-A8D0-44C2-8847-E83030F1B1CE}
c:\users\Brad\AppData\Local\{E48A2E8D-B2E6-4F2E-993A-3C2C55C53BC7}
c:\users\Brad\AppData\Local\{0A56ADE9-426D-417D-87CA-98DBAF708C15}
c:\users\Brad\AppData\Local\{8D922D81-04E6-49DC-B91C-7EB6C76381EF}
c:\users\Brad\AppData\Local\{DA0108CB-405F-4D2E-A579-79E682BDB745}
c:\users\Brad\AppData\Local\{4B516019-3947-4872-985C-F6AB3FA4824A}
c:\users\Brad\AppData\Local\{D48D1D77-B23E-4195-8CC3-ECF64C28600A}
c:\users\Brad\AppData\Local\{37EB32D4-76EC-4430-8617-146F265D6F73}
c:\users\Brad\AppData\Local\{8AA2E484-0736-4491-81FF-F09B84F143B8}
c:\users\Brad\AppData\Local\{B4DFDD30-FBA3-44BA-AFC2-22B9445D9D27}
c:\users\Brad\AppData\Local\{20AAA1C0-9ABE-4DC9-9676-0E6E1D16C762}
c:\users\Brad\AppData\Local\{CA9CDD63-876B-4220-90C4-8E09F501B789}
c:\users\Brad\AppData\Local\{96B1E6B6-8A5E-467D-B26D-081ADBD914BD}
c:\users\Brad\AppData\Local\{15F134C2-7D53-4E7E-8EB0-D9A7568F5FDE}
c:\users\Brad\AppData\Local\{AD13F659-C6A5-43A6-B759-6DE3C1F5D7CC}
c:\users\Brad\AppData\Local\{66D22E9B-AB61-42DB-BC52-176AD7290B24}
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below)











In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *SystemLook.txt* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*










eddie
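The step in the post above, turning ComboFix's "Files Created" listing into a SystemLook `:dir` script, can also be scripted. The following is an added example, not part of the original post and not code from ComboFix or SystemLook: it parses an excerpt of the log posted in this thread, picks out the GUID-named directories directly under `AppData\Local`, reports the hours between their creation times, and emits the `:dir` block. All function names are hypothetical, and it assumes the first timestamp on each "Files Created" line is the creation time.

```python
import re
from datetime import datetime

# Excerpt of "Files Created" lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
2011-06-01 19:18 . 2011-06-01 19:18 -------- d-----w- c:\users\Brad\AppData\Local\{16398A33-9EA1-40DA-98F7-4CC308BF1AF6}
2011-06-01 07:17 . 2011-06-01 07:18 -------- d-----w- c:\users\Brad\AppData\Local\{843475BB-6E29-4E70-AED9-64D222A1267C}
2011-05-31 19:17 . 2011-05-31 19:17 -------- d-----w- c:\users\Brad\AppData\Local\{7F2FFC11-5C5E-4C27-93E5-43DA3AABB288}
2011-05-30 07:11 . 2011-05-30 07:11 -------- d-----w- c:\program files\Common Files\Java
2011-05-29 04:17 . 2011-05-29 04:17 0 ----a-w- c:\users\Brad\AppData\Local\Dsijesuxitokesik.bin
2011-05-23 08:18 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A25ED064-1345-4550-92D1-4131ACEA652E}\mpengine.dll
"""

# <timestamp> . <timestamp> <size or --------> <8-char attribute mask> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) (\S{8}) (.+)$"
)

# A path whose last component is a bare {GUID} sitting directly in AppData\Local.
GUID_DIR_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$",
    re.IGNORECASE,
)

TS_FORMAT = "%Y-%m-%d %H:%M"


def parse_entries(log_text):
    """Return one dict per well-formed listing line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # section banners, '.' separators, blank lines
        first_ts, second_ts, size, attrs, path = match.groups()
        entries.append({
            # Assumption: first timestamp = creation time in this section.
            "created": datetime.strptime(first_ts, TS_FORMAT),
            "modified": datetime.strptime(second_ts, TS_FORMAT),
            "is_dir": attrs.startswith("d"),
            "size": None if size.startswith("-") else int(size),
            "path": path.strip(),
        })
    return entries


def guid_folders(entries):
    """Keep only directories named {GUID} directly under AppData\\Local."""
    return [e for e in entries if e["is_dir"] and GUID_DIR_RE.search(e["path"])]


def creation_gaps_hours(folders):
    """Hours between consecutive folder creations, oldest first, 1 decimal."""
    times = sorted(f["created"] for f in folders)
    return [
        round((later - earlier).total_seconds() / 3600, 1)
        for earlier, later in zip(times, times[1:])
    ]


def systemlook_dir_script(folders):
    """Build the text to paste into SystemLook: ':dir' then one path per line."""
    return "\n".join([":dir"] + [f["path"] for f in folders])


if __name__ == "__main__":
    found = guid_folders(parse_entries(SAMPLE_LOG))
    print("gaps (hours):", creation_gaps_hours(found))
    print(systemlook_dir_script(found))
```

A steady gap between creation times shows the folders are being made on a timer rather than by user activity; it does not by itself say which program creates them.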


----------



## brad33 (May 31, 2011)

We are not on the same network or even in the same state. As for removing the programs, when you said Media Booster did you mean Pando Media Booster?


----------



## brad33 (May 31, 2011)

GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:46 on 01/06/2011 (Brad)
Firefox version 4.0.1 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:36 31/05/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:36 15/12/2009]

-=E.O.F=-


----------



## brad33 (May 31, 2011)

I may have left out a line of code when I used SystemLook. The new log file is attached.


----------



## eddie5659 (Mar 19, 2001)

As you're not on the same router etc., as the folders are a similar type that you both have, are they created when using uTorrent?

I don't use torrent programs, but if you know what they are, we can leave them.

However, if you look inside one, is there anything you can see or recognise in there? eg:

c:\users\Brad\AppData\Local\{16398A33-9EA1-40DA-98F7-4CC308BF1AF6}

---

Yep, I meant Pando Media Booster, but then upon further looking it's okay to leave it installed.

Also, can you do this for me:

Download the *GMER Rootkit Scanner*. Unzip it to your Desktop.

*Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.*

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double-click *gmer.exe*. The program will begin to run.

***Caution***
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
Click *NO*
In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is *un-checked*.
Now click the Scan button.
_Once the scan is complete, you may receive another notice about rootkit activity._
Click OK.
GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "*GMER.txt*" 
Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

===============

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 


eddie


----------



## brad33 (May 31, 2011)

I checked that folder and it was empty, but I did uninstall uTorrent so I couldn't tell you if that folder was related. During the OTL scan, a bubble popped up in the bottom right saying OTL: OTL.exe cannot function properly. The file system structure is corrupt and unusable. Please run the chkdsk utility on the volume C:. That may not be exactly what it was but it was something like that. I let chkdsk run just last night and it found no problems.

Also, when I updated mbam the other day it offered me a trial of the full version so I took it. It has been blocking outgoing svchost.exe things every other minute.

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-03 10:04:29
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 ST3250820AS rev.3.ADG
Running: gmer.exe; Driver: C:\Users\Brad\AppData\Local\Temp\kxldqpob.sys

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 [email protected] code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 856E01F8
Device \Driver\atapi \Device\Ide\IdePort0 856E01F8
Device \Driver\atapi \Device\Ide\IdePort1 856E01F8
Device \Driver\atapi \Device\Ide\IdePort2 856E01F8
Device \Driver\atapi \Device\Ide\IdePort3 856E01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 856E01F8
Device \Driver\amdx3kjd \Device\Scsi\amdx3kjd1 8670C1F8
Device \Driver\amdx3kjd \Device\Scsi\amdx3kjd1Port5Path0Target1Lun0 8670C1F8
Device \Driver\amdx3kjd \Device\Scsi\amdx3kjd1Port5Path0Target0Lun0 8670C1F8
Device \FileSystem\Ntfs \Ntfs 856E11F8
Device \FileSystem\fastfat \Fat 883D11F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 6/3/2011 10:09:28 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Brad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 71.17% Memory free
6.71 Gb Paging File | 5.68 Gb Available in Paging File | 84.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 7.24 Gb Free Space | 3.25% Space Free | Partition Type: NTFS

Computer Name: BRAD-PC | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/03 09:59:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/19 21:04:36 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/19 21:04:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/07 02:50:14 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe

========== Modules (SafeList) ==========

MOD - [2011/06/03 09:59:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/19 21:04:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/07 02:50:14 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)

========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/19 21:43:40 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/19 20:22:08 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/17 07:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/14 21:56:40 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/03 15:27:56 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/03 15:27:44 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/03 15:27:34 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/03 15:27:26 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/03 15:27:20 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/03 15:27:00 | 000,527,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/03 15:26:50 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/03 15:26:40 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/03 15:26:40 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/03 15:26:26 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/03 15:26:26 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/03 15:26:16 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/03 15:26:16 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2007/04/13 14:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59354

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/31 19:26:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/31 00:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Extensions
[2011/05/31 13:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
[2009/12/16 04:00:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/31 19:26:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/03 09:58:58 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2011/06/03 09:54:10 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{001F2AAC-7901-4A45-BEEE-D4120DD52060}
[2011/06/02 20:22:43 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{0AA56169-BDE4-481D-9932-BAF464C2B5CA}
[2011/06/02 08:22:12 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{72E2C1C9-DFAE-44A9-B8A1-6B64CA36582D}
[2011/06/01 16:46:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\GooredFix Backups
[2011/06/01 16:35:50 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Brad\Desktop\GooredFix.exe
[2011/06/01 14:42:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/01 14:42:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/01 14:42:47 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\temp
[2011/06/01 14:31:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/01 14:31:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/01 14:31:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/01 14:31:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/01 14:31:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/01 14:28:11 | 004,296,757 | R--- | C] (Swearware) -- C:\Users\Brad\Desktop\username123.exe
[2011/06/01 14:18:27 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{16398A33-9EA1-40DA-98F7-4CC308BF1AF6}
[2011/06/01 04:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/01 02:17:49 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{843475BB-6E29-4E70-AED9-64D222A1267C}
[2011/05/31 14:17:22 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{7F2FFC11-5C5E-4C27-93E5-43DA3AABB288}
[2011/05/31 13:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/31 13:17:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brad\Desktop\HijackThis.exe
[2011/05/30 23:48:50 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{53EEA9A2-800F-453A-87FC-82CCDD5A9450}
[2011/05/30 11:48:33 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{C7A4DC46-D96B-4512-BE2A-3C7189CFF23B}
[2011/05/30 02:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/05/30 02:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/30 01:13:26 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/30 01:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/30 01:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/29 23:48:07 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{2A5C3F06-A9D9-4B2A-A92F-E6E6C78AE1C9}
[2011/05/29 11:47:48 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{1068D63A-6B6F-456D-8607-84F1B5A1188B}
[2011/05/28 23:46:34 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{766D68F8-D04F-406C-85D0-A297337B0843}
[2011/05/28 11:40:35 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8FD78456-9F74-48AD-B146-F182630E352E}
[2011/05/27 23:40:12 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{EECC9271-B5A5-464D-A6F6-32C89CAC4C05}
[2011/05/27 11:40:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{ECB79983-B42A-4011-8464-1C234B28D7E0}
[2011/05/26 23:39:36 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{68B8DFF6-BFD5-4C55-ABC2-3BE41C17F2FE}
[2011/05/26 11:39:11 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{31B60BB9-D976-4AC7-A116-7AA46CE8BB3D}
[2011/05/25 23:38:21 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{60779FCA-A12F-4549-98AE-23D71B197CE1}
[2011/05/25 11:37:57 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{A647C6E9-A9EE-47A7-9EC7-562F01B0DB62}
[2011/05/24 23:37:33 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{1BA2C955-1AF4-4825-8AE1-7543467CECD7}
[2011/05/24 11:37:09 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{C274C761-CA32-4DCB-8FA3-24713021C005}
[2011/05/23 23:36:45 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{21093A7B-BF59-4DFE-9167-60B085072FA0}
[2011/05/23 11:36:20 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{99DD3876-BD21-43B7-A23A-04AFAF926D53}
[2011/05/22 23:35:55 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{4C43F296-8506-45BA-9F58-72356C9E60C1}
[2011/05/22 11:35:30 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{BBB4953C-8C79-4AF1-BB6B-407608D231A4}
[2011/05/21 23:35:06 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{0F890556-D054-42D5-8338-44E62ECD794E}
[2011/05/21 19:23:10 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/21 19:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/05/21 11:34:43 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{BA1F462D-F47B-47B6-A6FA-710921B2D4E4}
[2011/05/20 23:34:19 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{9E0DFA6D-C338-4E03-8933-C54A18F15AD9}
[2011/05/20 11:33:28 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{A5C148D2-00CB-449A-B51E-61479D2FFF28}
[2011/05/19 23:33:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{00B1EFFC-ED38-4562-9E12-8F6A37B4BCD8}
[2011/05/19 11:32:37 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{D8089E57-8FA0-4770-B115-6CD2532C2243}
[2011/05/18 23:32:13 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{B37ECC41-FAB5-418D-AEB4-F9AF527FB843}
[2011/05/18 11:31:48 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{98C1217B-48B4-4940-8685-6807CAAB268D}
[2011/05/18 03:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/05/18 03:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/05/17 23:31:25 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{7B9FE8D7-261B-4F16-9908-0A36A20ACC88}
[2011/05/17 11:30:58 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{CD24BEF0-5EFB-4437-A297-E88BFAD304EB}
[2011/05/16 23:30:34 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{274E3E66-39C1-448C-B515-9F9B78397FEC}
[2011/05/16 15:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age II
[2011/05/16 15:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Dragon Age 2
[2011/05/16 15:29:07 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\Crack
[2011/05/16 11:30:11 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{FEABAE9E-A84D-4012-ABCC-48A8E7AB341F}
[2011/05/15 23:29:58 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{6D253EA0-BD71-4DA3-993F-A26AD1540427}
[2011/05/15 11:29:31 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{65189A41-4941-4DDC-A2AB-03B285655734}
[2011/05/14 23:29:19 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{5A9B0755-2788-4F23-A73F-DC1C04998628}
[2011/05/14 11:29:05 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{4FE45DE4-E590-4702-942B-46EA2F23814F}
[2011/05/13 23:28:23 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{33C7D5CE-8308-4D00-992F-4A4D36AE10E5}
[2011/05/13 11:28:08 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{40DEF8BB-5A77-47E5-B89F-3BBD30FF1A16}
[2011/05/12 23:27:17 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F84F34A0-460D-40BC-A5BA-76D5D2E64F43}
[2011/05/12 13:34:28 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\SKIDROW
[2011/05/12 13:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011/05/12 13:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Valve
[2011/05/12 11:26:53 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{87312648-5F6D-4EC0-8A43-502A5591030A}
[2011/05/11 23:26:39 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{63E0B332-F482-40CB-AA11-59E10289BE45}
[2011/05/11 11:26:13 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{692095CE-1320-4A8A-A6D1-4A99400DE9FE}
[2011/05/10 20:14:33 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{9D7D47C8-E6B5-4526-943D-3EFDF1FA51A9}
[2011/05/10 08:14:22 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F99A1C21-A8D0-44C2-8847-E83030F1B1CE}
[2011/05/10 02:51:47 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portal
[2011/05/10 02:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Portal
[2011/05/10 02:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\Portal
[2011/05/09 21:14:14 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\uTorrent
[2011/05/09 20:13:57 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E48A2E8D-B2E6-4F2E-993A-3C2C55C53BC7}
[2011/05/09 08:13:46 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{0A56ADE9-426D-417D-87CA-98DBAF708C15}
[2011/05/08 20:13:22 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8D922D81-04E6-49DC-B91C-7EB6C76381EF}
[2011/05/08 08:13:11 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{DA0108CB-405F-4D2E-A579-79E682BDB745}
[2011/05/07 20:12:48 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{4B516019-3947-4872-985C-F6AB3FA4824A}
[2011/05/07 08:12:23 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{D48D1D77-B23E-4195-8CC3-ECF64C28600A}
[2011/05/06 20:11:59 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{37EB32D4-76EC-4430-8617-146F265D6F73}
[2011/05/06 08:11:36 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8AA2E484-0736-4491-81FF-F09B84F143B8}
[2011/05/05 20:11:12 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{B4DFDD30-FBA3-44BA-AFC2-22B9445D9D27}
[2011/05/05 08:11:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{20AAA1C0-9ABE-4DC9-9676-0E6E1D16C762}
[2011/05/05 03:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\DDO Standard Res Install Files
[2011/05/04 20:10:37 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{CA9CDD63-876B-4220-90C4-8E09F501B789}
[2009/06/03 13:21:54 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/06/03 12:56:56 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[2007/06/07 02:50:16 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbtih.exe
[2007/06/07 02:50:14 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbtcoms.exe
[2007/06/07 02:50:12 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbtcfg.exe
[2007/01/30 15:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbtpmui.dll
[2007/01/30 15:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbtserv.dll
[2007/01/30 15:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomm.dll
[2007/01/30 15:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll
[2007/01/30 15:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll
[2007/01/30 15:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbtpplc.dll
[2007/01/30 15:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomc.dll
[2007/01/30 15:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbtprox.dll
[2007/01/30 15:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll
[2007/01/30 15:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbtusb1.dll
[2007/01/30 15:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbthbn3.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/03 09:59:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2011/06/03 09:53:38 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 09:53:37 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 09:53:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/03 03:20:16 | 000,055,468 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000000-00001102-00000005-60021102}.rfx
[2011/06/03 03:20:16 | 000,055,468 | ---- | M] () -- C:\Windows\System32\BMXState-{00000002-00000000-00000000-00001102-00000005-60021102}.rfx
[2011/06/03 03:20:16 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000002-00000000-00000000-00001102-00000005-60021102}.rfx
[2011/06/01 17:47:45 | 264,945,271 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/01 16:44:41 | 000,075,264 | ---- | M] () -- C:\Users\Brad\Desktop\SystemLook.exe
[2011/06/01 16:35:47 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Brad\Desktop\GooredFix.exe
[2011/06/01 14:27:40 | 004,296,757 | R--- | M] (Swearware) -- C:\Users\Brad\Desktop\username123.exe
[2011/06/01 04:39:44 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/31 14:22:12 | 000,659,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/31 14:22:12 | 000,126,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/31 13:36:00 | 000,000,870 | ---- | M] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/31 13:35:41 | 000,006,516 | ---- | M] () -- C:\Users\Brad\Documents\cc_20110531_133539.reg
[2011/05/31 13:17:16 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Brad\Desktop\HijackThis.exe
[2011/05/31 13:07:35 | 000,051,288 | ---- | M] () -- C:\Users\Brad\Documents\cc_20110531_130727.reg
[2011/05/31 13:02:04 | 000,261,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/29 15:38:29 | 000,001,356 | ---- | M] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2011/05/29 15:32:27 | 000,006,022 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\3BDE.856
[2011/05/29 12:32:00 | 000,302,592 | ---- | M] () -- C:\Users\Brad\Desktop\gmer.exe
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 23:17:39 | 000,000,120 | ---- | M] () -- C:\Users\Brad\AppData\Local\Bxotejadazayujup.dat
[2011/05/28 23:17:39 | 000,000,000 | ---- | M] () -- C:\Users\Brad\AppData\Local\Dsijesuxitokesik.bin
[2011/05/18 15:45:26 | 000,000,883 | ---- | M] () -- C:\Users\Brad\Desktop\DragonAge2.exe - Shortcut.lnk
[2011/05/16 15:37:34 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Age II.lnk
[2011/05/12 13:31:55 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011/05/10 02:51:47 | 000,000,832 | ---- | M] () -- C:\Users\Brad\Desktop\Portal.lnk
[2011/05/05 09:33:55 | 000,000,374 | ---- | M] () -- C:\Users\Brad\Desktop\Resume Download of Dungeons Dragons Online Eberron Unlimited.url
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/03 09:59:18 | 000,302,592 | ---- | C] () -- C:\Users\Brad\Desktop\gmer.exe
[2011/06/01 17:47:45 | 264,945,271 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/01 16:44:42 | 000,075,264 | ---- | C] () -- C:\Users\Brad\Desktop\SystemLook.exe
[2011/06/01 14:31:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/01 14:31:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/01 14:31:13 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/01 14:31:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/01 14:31:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/01 04:39:44 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/31 13:35:40 | 000,006,516 | ---- | C] () -- C:\Users\Brad\Documents\cc_20110531_133539.reg
[2011/05/31 13:07:32 | 000,051,288 | ---- | C] () -- C:\Users\Brad\Documents\cc_20110531_130727.reg
[2011/05/29 11:47:46 | 000,006,022 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\3BDE.856
[2011/05/28 23:17:39 | 000,000,120 | ---- | C] () -- C:\Users\Brad\AppData\Local\Bxotejadazayujup.dat
[2011/05/28 23:17:39 | 000,000,000 | ---- | C] () -- C:\Users\Brad\AppData\Local\Dsijesuxitokesik.bin
[2011/05/18 15:45:26 | 000,000,883 | ---- | C] () -- C:\Users\Brad\Desktop\DragonAge2.exe - Shortcut.lnk
[2011/05/16 15:37:34 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Age II.lnk
[2011/05/12 13:31:55 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011/05/10 02:51:47 | 000,000,832 | ---- | C] () -- C:\Users\Brad\Desktop\Portal.lnk
[2011/05/05 09:33:55 | 000,000,374 | ---- | C] () -- C:\Users\Brad\Desktop\Resume Download of Dungeons Dragons Online Eberron Unlimited.url
[2011/04/23 21:53:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/17 12:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 16:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/21 05:03:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/21 05:01:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/21 05:01:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/10/08 12:19:03 | 000,000,092 | ---- | C] () -- C:\Users\Brad\AppData\Local\fusioncache.dat
[2010/10/05 13:21:24 | 000,028,672 | ---- | C] () -- C:\Windows\System32\DLEAsmr.dll
[2010/10/05 13:21:23 | 000,299,008 | ---- | C] () -- C:\Windows\System32\DLEAsm.dll
[2010/06/29 19:00:16 | 000,077,156 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010/06/10 23:31:27 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/03/02 22:06:00 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/02/26 20:02:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/12/17 18:42:30 | 000,015,872 | ---- | C] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/15 02:58:39 | 000,001,356 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2009/12/13 21:52:39 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/12/13 21:52:39 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/06/03 14:00:30 | 000,026,928 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/03 14:00:28 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/03 13:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/06/03 13:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/06/03 13:00:34 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009/06/03 12:57:12 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/05/26 11:56:08 | 000,000,297 | ---- | C] () -- C:\Windows\System32\kill.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/03/05 05:38:36 | 000,321,512 | ---- | C] () -- C:\Windows\System32\CTDLANG.DAT
[2007/03/05 05:38:36 | 000,056,405 | ---- | C] () -- C:\Windows\System32\CTDNLSTR.DAT
[2007/02/19 08:20:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll
[2007/02/19 08:20:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll
[2007/02/19 08:20:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll
[2007/02/19 08:17:06 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll
[2007/02/19 08:17:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll
[2007/02/19 08:16:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll
[2007/02/19 08:16:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll
[2007/02/19 08:15:34 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll
[2007/02/07 18:57:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll
[2007/01/22 08:18:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbtcfg.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,261,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,659,348 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,126,186 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/18 11:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll
[2005/05/25 14:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011/06/03 01:52:26 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Advanced Combat Tracker
[2011/05/21 19:23:10 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/27 20:48:51 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/12/16 16:39:07 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\DAEMON Tools Lite
[2010/09/17 23:36:40 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\FileZilla
[2011/05/05 20:45:35 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\ICQ
[2010/12/02 17:07:18 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\LolClient
[2011/05/01 17:49:43 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\ProfitUI Reborn Updater
[2011/04/23 14:52:45 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\QuickScan
[2010/10/01 15:26:13 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Sony Online Entertainment
[2010/04/09 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\SystemRequirementsLab
[2011/06/01 17:37:39 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\uTorrent
[2011/06/02 22:08:57 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 6/3/2011 10:09:28 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Brad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 71.17% Memory free
6.71 Gb Paging File | 5.68 Gb Available in Paging File | 84.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 7.24 Gb Free Space | 3.25% Space Free | Partition Type: NTFS

Computer Name: BRAD-PC | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1455944489-3012744293-3388263478-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11143E6C-3839-47EC-ADCF-B794EF27BCDD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{317DD3D4-3F8C-4D89-813F-6B0CCFF5B743}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{34E4F69F-44FA-4B37-B3B2-55B6D93068D2}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher | 
"{553007E6-FA7A-43C0-85DC-8AFE3ADBF554}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher | 
"{6CAA933D-4672-4669-B65A-9D8FDD4A634B}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher | 
"{6D6D9713-B7EC-4E86-94B3-926969E8EC71}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher | 
"{716EED84-7CC3-40EC-93CB-080AA9075742}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{877233F6-A4AA-4F20-8CE3-81DFC6BDE3D5}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{8DB3E86D-B270-4525-835C-344EF92B605A}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{A3ACCFA5-2F83-4B4A-AE7A-6442A920AA2E}" = lport=6945 | protocol=17 | dir=in | name=league of legends launcher | 
"{A4846F39-7314-4E51-BC1B-E4D7CA344758}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{AAE9E231-548C-4CDE-B062-553EA47EA06F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D149E838-97C4-4CF5-9AC5-DEE9AB025102}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DADC9FB2-D503-4B4C-A934-EBDFFB9CFA23}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher | 
"{E05E384D-FC44-481D-9614-13E1B608CD20}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{F3637151-656E-4FF6-9C02-D72969663CF3}" = lport=6945 | protocol=6 | dir=in | name=league of legends launcher | 
"{F879BABB-EC0B-4C6B-A18F-E95AD492E4F4}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C80501-8FA4-43BD-983F-0D730F328D11}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{03B79655-7CE1-4DA9-B242-B4C656DE239B}" = protocol=58 | dir=out | app=system | 
"{09AE6429-5230-4501-8BAF-7863B38D01DA}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe | 
"{0BDC42BC-4CB8-4133-81EE-1E0B73010129}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe | 
"{0E645DE1-0618-4F1C-9AAD-B8EC53F3F1DD}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{1045E8F3-7606-4D87-9F74-5D3C2753285F}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{171D0FE9-F041-4E06-9993-934577227DC3}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{21AB623B-B113-42E4-BFCC-1FF136E69EF1}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{247F4B63-D15C-4056-A0E5-44F718B3FB8E}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{273B98AD-12A9-41A5-BD18-6DF2CADAD0A4}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | 
"{2F93F707-B81C-4BAE-9708-E88289417654}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{35C89886-5D59-4603-AA9A-AE2D9EEED5BA}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | 
"{36F6A446-8C46-4790-907C-506511B38735}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | 
"{388759CD-F109-4660-8BC5-9328404EDDF8}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe | 
"{38C80CAA-5A41-45BA-B8C9-B1C209A7EEF0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{39975AFA-5011-4738-90C3-D7BD2A1A4484}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | 
"{40A4C511-3FD0-4D8D-899B-EE20B91A73A7}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe | 
"{43EE4365-5EE0-4F1A-8212-C24951443052}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{48BF543F-717A-4EDA-A6D8-2EA7ABB43E6D}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{4A1C7C25-4359-4A61-B7EC-94E7641799C5}" = protocol=58 | dir=out | app=system | 
"{4F21A8C9-77F7-4E97-B44E-5D0CF31FE36D}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{5BA20527-2586-4890-940E-1755E1854E26}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | 
"{609FFFFC-F2C1-43D4-A3DB-2EFE686D5A86}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe | 
"{632A2ADC-67B9-42A1-A838-D22B87C0A9D8}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | 
"{6E9DF265-83FF-4016-947D-1C1500C8C273}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe | 
"{730EF85E-B0E5-4A23-9E66-201E4E5E265F}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe | 
"{754332AA-655C-4A5F-9454-1F96D5D5D5BC}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{75FB8585-9F3E-4676-A0E2-76A04F6EE069}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{78E4DB6C-6946-4375-8672-A0C72F6B62ED}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{79B88D16-6CBD-4097-8AD5-FFAF034E5CAB}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe | 
"{79C7941D-C60A-4CA3-8193-A28287DC69DF}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{7C834240-F31A-4087-ABFF-13145681F3C4}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{8F968505-D8FB-4D87-85AE-96AC85FDE6C8}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{9A63ACDA-B8AC-4E21-977E-FCA5B58E05C8}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | 
"{A0491C1F-95D1-4678-8FF7-7F3C52A7F646}" = protocol=58 | dir=out | app=system | 
"{A56B46B7-7229-46F0-8C91-BB49C75612D8}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{B2E74BF3-2086-4D64-A929-FDEB18820E60}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe | 
"{B5E63D4E-9002-4093-A8C3-CBE16B5B9D9B}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | 
"{B684D046-9DF2-41C2-A0E9-F60B30FDF27D}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{B844C971-1856-4767-B95A-A2D15E6CA20E}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe | 
"{B9B3998C-B388-4307-A635-454819957006}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe | 
"{C7813812-CBA4-4F84-8327-E018F0BCD5FF}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{C80554A5-2955-40E5-AC66-A77B7011AA11}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | 
"{C8EC8AAE-AC20-491A-880B-3F28A9658F5D}" = protocol=58 | dir=out | app=system | 
"{D310E9AF-B558-48C8-B25A-3BC3BB3FF154}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | 
"{DDA42800-1442-45BA-9B6C-7645BF793BD3}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{E377AAFA-D221-4F89-80DD-DD165A295B4A}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{EB1DBCAF-DB1B-4657-A4B8-19990715C4CE}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{EF0043EF-274B-45F5-8DAF-9740CEDA6EBA}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{F9BA949F-A881-4DA4-8E5B-BE2C85B551C3}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe | 
"TCP Query User{00408359-43E2-4D5E-8D52-04AAAC285216}C:\program files\demigod\bin\demigod.exe" = protocol=6 | dir=in | app=c:\program files\demigod\bin\demigod.exe | 
"TCP Query User{067315CD-5F6E-48B3-88C7-F94100AFED3A}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe | 
"TCP Query User{0E95FF64-F6AE-4D78-B809-56FE567EB955}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{153FC0EB-72A5-4A7F-B09F-6299BE08EC49}C:\users\brad\appdata\locallow\sony online entertainment\installed games\everquest ii streaming\eq2voiceservice.exe" = protocol=6 | dir=in | app=c:\users\brad\appdata\locallow\sony online entertainment\installed games\everquest ii streaming\eq2voiceservice.exe | 
"TCP Query User{5EA03768-A0E3-4DE2-B85B-165D54E01F82}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{63EB4766-544E-40EB-A560-0D1E5AF491C0}C:\program files\sony\everquest ii\eq2voiceservice.exe" = protocol=6 | dir=in | app=c:\program files\sony\everquest ii\eq2voiceservice.exe | 
"TCP Query User{6CBAA3CA-05D8-4CB9-AE61-2B39777AE92A}C:\program files\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files\valve\portal 2\portal2.exe | 
"TCP Query User{86B9059C-0268-4DA6-8A66-F667A81EF23D}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | 
"TCP Query User{A0680421-6BB6-4C33-8977-A137860B11B1}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{E7C953A2-DE2B-4F9B-9166-7A07D696053D}C:\program files\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | 
"UDP Query User{07C9B505-7D67-40C1-9476-64020BB1A63D}C:\program files\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | 
"UDP Query User{25B430D6-1299-43AE-9C0A-23C63D0ED166}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{596D6A02-9555-475E-A2BC-A19751A41FE1}C:\program files\demigod\bin\demigod.exe" = protocol=17 | dir=in | app=c:\program files\demigod\bin\demigod.exe | 
"UDP Query User{7D48FF0F-CD60-4507-A72C-CDDBDBB65D4D}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{936D04B2-346B-40F4-AA75-108F601EC935}C:\program files\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files\valve\portal 2\portal2.exe | 
"UDP Query User{B2B2E0E3-CE32-41E8-8AA2-4B8FA954C342}C:\users\brad\appdata\locallow\sony online entertainment\installed games\everquest ii streaming\eq2voiceservice.exe" = protocol=17 | dir=in | app=c:\users\brad\appdata\locallow\sony online entertainment\installed games\everquest ii streaming\eq2voiceservice.exe | 
"UDP Query User{C8EB32DB-7D13-46FD-A7F0-ADF061A484E8}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe | 
"UDP Query User{D934E32B-D8D4-4177-BAA3-F6B944DE5B6A}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | 
"UDP Query User{F7724F0E-5153-4040-98CC-2FECFDDE4FE0}C:\program files\sony\everquest ii\eq2voiceservice.exe" = protocol=17 | dir=in | app=c:\program files\sony\everquest ii\eq2voiceservice.exe | 
"UDP Query User{FEE02CAB-ECAB-4602-A7AA-9DF55CB9244A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{111DB3F0-0C58-4475-9954-1BD5B7B28618}" = League of Legends
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{488405CF-0BD3-D35E-13BD-4D71ADE5E401}" = ATI Problem Report Wizard
"{49668BEE-D721-449C-82D3-C7561945F706}" = Station Launcher
"{52358A6F-E412-4C46-8CF8-B425C0D5E8FB}" = EverQuest II
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F577CD8-A997-2E11-83BC-4445DD2D4542}" = Catalyst Control Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{658DE1DF-D156-DD5A-800E-20C693806F65}" = Catalyst Control Center InstallProxy
"{67D7D7EB-9330-2884-6EC2-4AB32CC981B5}" = ATI AVIVO Codecs
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6844F85B-1AEE-093A-5FC9-235035B3A127}" = Catalyst Control Center Graphics Previews Common
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71790311-0C42-B5BC-AF01-97BFFEF2A30B}" = ATI Catalyst Install Manager
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86B247F9-1D5E-CCC6-3280-71486D9A4E70}" = ATI Stream SDK v2 Developer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C3A3C74-0163-F062-08D6-C8AC7430669E}" = ccc-utility
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9E2BD6FF-CE8D-47B5-AD9C-0A5C2D54EB3C}" = League of Legends
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7749EE2-5318-D255-F0EE-14D5845B0925}" = CCC Help English
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8A8894A-B875-8206-E820-B27BCD72C5A0}" = HydraVision
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online v03.02.03.8013
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Combat Tracker" = Advanced Combat Tracker (remove only)
"Belarc Advisor" = Belarc Advisor 8.1
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EQ2MAP Updater" = EQ2MAP Updater 1.2.4
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow [rev 3128] [2009-11-08]
"FileZilla Client" = FileZilla Client 3.3.4.1
"Fraps" = Fraps (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"OpenAL" = OpenAL
"Portal" = Portal
"Postal 2_is1" = Portal 2
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"Security Task Manager" = Security Task Manager 1.8c
"Vista TN3270 1.27_is1" = Vista TN3270
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ProfitUI Reborn Updater" = ProfitUI Reborn Updater
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/2/2011 10:24:02 AM | Computer Name = Brad-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc000071b, fault offset 0x00088d15, process id 0x2c10, application
start time 0x01cc212deb96ff6f.

Error - 6/2/2011 11:08:28 PM | Computer Name = Brad-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc000071b, fault offset 0x00088d15, process id 0xfd4, application
start time 0x01cc21903749e40f.

Error - 6/3/2011 12:10:22 AM | Computer Name = Brad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 6/3/2011 12:10:22 AM | Computer Name = Brad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 6/3/2011 12:50:57 AM | Computer Name = Brad-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x65006600, process id 0x1d28, application start time
0x01cc21a7be96c3df.

Error - 6/3/2011 2:27:58 AM | Computer Name = Brad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 6/3/2011 2:27:58 AM | Computer Name = Brad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 6/3/2011 2:27:58 AM | Computer Name = Brad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 6/3/2011 2:27:58 AM | Computer Name = Brad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 6/3/2011 4:30:11 AM | Computer Name = Brad-PC | Source = EventSystem | ID = 4609
Description =

[ OSession Events ]
Error - 4/17/2011 12:24:40 AM | Computer Name = Brad-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12322
seconds with 7980 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/3/2011 11:00:05 AM | Computer Name = Brad-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume3.

Error - 6/3/2011 11:00:09 AM | Computer Name = Brad-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume3.

Error - 6/3/2011 11:02:20 AM | Computer Name = Brad-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume3.

Error - 6/3/2011 11:03:43 AM | Computer Name = Brad-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume3.

Error - 6/3/2011 11:04:54 AM | Computer Name = Brad-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume3.

Error - 6/3/2011 11:09:16 AM | Computer Name = Brad-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume3.

Error - 6/3/2011 11:10:54 AM | Computer Name = Brad-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 6/3/2011 11:10:55 AM | Computer Name = Brad-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume3.

Error - 6/3/2011 11:10:55 AM | Computer Name = Brad-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume3.

Error - 6/3/2011 11:11:17 AM | Computer Name = Brad-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume3.

< End of report >


----------



## eddie5659 (Mar 19, 2001)

I'll look thru the OTL log in a bit, and thanks for the info on what you're seeing 

You do have a rootkit, so let's deal with that first:

*Please read carefully and follow these steps.* 

Download *TDSSKiller* and save it to your Desktop. 
Extract its contents to your desktop. 
Once extracted, open the TDSSKiller folder and double-click on *TDSSKiller.exe* to run the application, then on *Start Scan.*

If an infected file is detected, the default action will be *Cure*; click on *Continue.*

If a suspicious file is detected, the default action will be *Skip*; click on *Continue.*

It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.

If no reboot is required, click on *Report*. A log file should appear. Please copy and paste the contents of that file here. 
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.


----------



## brad33 (May 31, 2011)

2011/06/03 13:00:01.0042 2532 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/03 13:00:01.0057 2532 ================================================================================
2011/06/03 13:00:01.0057 2532 SystemInfo:
2011/06/03 13:00:01.0057 2532 
2011/06/03 13:00:01.0057 2532 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/03 13:00:01.0057 2532 Product type: Workstation
2011/06/03 13:00:01.0057 2532 ComputerName: BRAD-PC
2011/06/03 13:00:01.0057 2532 UserName: Brad
2011/06/03 13:00:01.0057 2532 Windows directory: C:\Windows
2011/06/03 13:00:01.0057 2532 System windows directory: C:\Windows
2011/06/03 13:00:01.0057 2532 Processor architecture: Intel x86
2011/06/03 13:00:01.0057 2532 Number of processors: 2
2011/06/03 13:00:01.0057 2532 Page size: 0x1000
2011/06/03 13:00:01.0057 2532 Boot type: Normal boot
2011/06/03 13:00:01.0057 2532 ================================================================================
2011/06/03 13:00:01.0635 2532 Initialize success
2011/06/03 13:00:08.0452 3908 ================================================================================
2011/06/03 13:00:08.0452 3908 Scan started
2011/06/03 13:00:08.0452 3908 Mode: Manual; 
2011/06/03 13:00:08.0452 3908 ================================================================================
2011/06/03 13:00:24.0769 3908 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/06/03 13:00:24.0769 3908 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/03 13:00:24.0785 3908 sptd - detected LockedFile.Multi.Generic (1)
2011/06/03 13:00:28.0498 3908 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/06/03 13:00:28.0498 3908 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/03 13:00:28.0498 3908 ================================================================================
2011/06/03 13:00:28.0498 3908 Scan finished
2011/06/03 13:00:28.0498 3908 ================================================================================
2011/06/03 13:00:28.0513 3688 Detected object count: 2
2011/06/03 13:00:28.0513 3688 Actual detected object count: 2
2011/06/03 13:00:45.0954 3688 LockedFile.Multi.Generic(sptd) - User select action: Skip 
2011/06/03 13:00:46.0001 3688 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/03 13:00:46.0001 3688 \Device\Harddisk0\DR0 - ok
2011/06/03 13:00:46.0001 3688 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure 
2011/06/03 13:00:56.0890 2832 Deinitialize success
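
The lines in the report above that decide the next step are the detections and the action recorded for each. The following Python is an added example, not part of the original thread and not TDSSKiller's own code: it pulls those lines out of a report and lists what still needs follow-up. The line patterns are inferred from the report format shown in this thread, the function names are hypothetical, and the sample input is constructed with placeholder md5 values.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample modelled on the report format in this thread.
# The md5 values are placeholders, not real hashes.
SAMPLE_REPORT = r"""
2011/06/03 13:00:08.0452 3908 Scan started
2011/06/03 13:00:09.0700 3908 ACPI (00000000000000000000000000000001) C:\Windows\system32\drivers\acpi.sys
2011/06/03 13:00:24.0769 3908 sptd (00000000000000000000000000000002) C:\Windows\system32\Drivers\sptd.sys
2011/06/03 13:00:24.0769 3908 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 00000000000000000000000000000002
2011/06/03 13:00:24.0785 3908 sptd - detected LockedFile.Multi.Generic (1)
2011/06/03 13:00:28.0498 3908 MBR (0x1B8) (00000000000000000000000000000003) \Device\Harddisk0\DR0
2011/06/03 13:00:28.0498 3908 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/03 13:00:28.0498 3908 Scan finished
2011/06/03 13:00:28.0513 3688 Detected object count: 2
2011/06/03 13:00:45.0954 3688 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/03 13:00:46.0001 3688 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/03 13:00:46.0001 3688 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
"""

# Every report line: date, time, thread id, then the message.
LINE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+ (?P<msg>.*)$")
# "<object> - detected <verdict> (<n>)"; the trailing number is not interpreted.
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
# "<verdict>(<object>) - User select action: <action>"
ACTION = re.compile(
    r"^(?P<verdict>[^()\s]+)\((?P<obj>.+)\) - User select action: (?P<action>\w+)$"
)
# "<object> (<verdict>) - will be cured after reboot"
PENDING = re.compile(r"^(?P<obj>.+?) \((?P<verdict>\S+)\) - will be cured after reboot$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Detection:
    obj: str
    verdict: str
    action: Optional[str] = None
    cure_pending_reboot: bool = False


def parse_report(text):
    """Return (detections, declared_count) for one TDSSKiller report."""
    found = {}  # (object, verdict) -> Detection; dict keeps first-seen order
    declared = None

    def entry(match):
        key = (match["obj"], match["verdict"])
        return found.setdefault(key, Detection(*key))

    for raw in text.splitlines():
        line = LINE.match(raw.rstrip())  # forum pastes often carry trailing spaces
        if not line:
            continue
        msg = line["msg"]
        if (m := DETECTED.match(msg)):
            entry(m)
        elif (m := ACTION.match(msg)):
            entry(m).action = m["action"]
        elif (m := PENDING.match(msg)):
            entry(m).cure_pending_reboot = True
        elif (m := COUNT.match(msg)):
            declared = int(m[1])
    return list(found.values()), declared


def triage(text):
    """List the points a helper still has to follow up on."""
    detections, declared = parse_report(text)
    findings = []
    # A pasted report that lost lines shows up as a count mismatch.
    if declared is not None and declared != len(detections):
        findings.append(
            f"report declares {declared} detected objects but {len(detections)} "
            "were parsed; the paste may be truncated"
        )
    for d in detections:
        if d.action is None:
            findings.append(f"{d.verdict} on {d.obj}: no action recorded")
        elif d.action != "Cure":
            findings.append(f"{d.verdict} on {d.obj}: left in place (action {d.action})")
        elif d.cure_pending_reboot:
            findings.append(
                f"{d.verdict} on {d.obj}: cure takes effect after reboot; rescan to confirm"
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```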


----------



## eddie5659 (Mar 19, 2001)

Okay, can you re-run GMER and we'll see if it's gone.

Also, can you post another OTL log (fresh one), as I want to see if any of the files have now gone. There will be only one log produced this time.


----------



## brad33 (May 31, 2011)

While OTL was running I found out which file was corrupted. It is C:/Program Files/Reference Assemblies. This folder is empty and it also has the date modified of 5/29/11, which is the day all my problems began.

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-03 14:17:31
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 ST3250820AS rev.3.ADG
Running: gmer.exe; Driver: C:\Users\Brad\AppData\Local\Temp\kxldqpob.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x93C21620]

INT 0x51 ? 8494EBF8
INT 0x51 ? 8494EBF8
INT 0x51 ? 8494EBF8
INT 0x51 ? 8494EBF8
INT 0x51 ? 86613F00
INT 0x51 ? 86613F00
INT 0x51 ? 8494EBF8
INT 0x61 ? 86613F00
INT 0x92 ? 86613F00
INT 0xA2 ? 86613F00
INT 0xB2 ? 86613F00

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 621 81EACDA4 4 Bytes [20, 16, C2, 93]
? System32\Drivers\spww.sys  The system cannot find the path specified. !
PAGE ataport.SYS!DllUnload 8A88AB2E 5 Bytes JMP 8494E1D8 
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E806000, 0x38CD55, 0xE8000020]
.text USBPORT.SYS!DllUnload 8A97A41B 5 Bytes JMP 866134E0 
.text awbyk3ry.SYS 8E560000 22 Bytes [82, 13, 1C, 82, 6C, 12, 1C, ...]
.text awbyk3ry.SYS 8E560017 137 Bytes [00, 32, 87, 78, 80, 3D, 85, ...]
.text awbyk3ry.SYS 8E5600A1 43 Bytes JMP E4867481 
.text awbyk3ry.SYS 8E5600CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text awbyk3ry.SYS 8E5600DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068C6D6] \SystemRoot\System32\Drivers\spww.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068C042] \SystemRoot\System32\Drivers\spww.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068C800] \SystemRoot\System32\Drivers\spww.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068C0C0] \SystemRoot\System32\Drivers\spww.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068C13E] \SystemRoot\System32\Drivers\spww.sys
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortWritePortUchar] 838E586F
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8E5840
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\awbyk3ry.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 852E11F8
Device \FileSystem\fastfat \FatCdrom 87C471F8
Device \Driver\volmgr \Device\VolMgrControl 849501F8
Device \Driver\usbuhci \Device\USBPDO-0 864E81F8
Device \Driver\sptd \Device\4201306930 spww.sys
Device \Driver\usbuhci \Device\USBPDO-1 864E81F8
Device \Driver\PCI_PNP0919 \Device\00000052 spww.sys
Device \Driver\usbuhci \Device\USBPDO-2 864E81F8
Device \Driver\usbehci \Device\USBPDO-3 861EE1F8
Device \Driver\usbuhci \Device\USBPDO-4 864E81F8
Device \Driver\usbuhci \Device\USBPDO-5 864E81F8
Device \Driver\usbuhci \Device\USBPDO-6 864E81F8
Device \Driver\volmgr \Device\HarddiskVolume1 849501F8
Device \Driver\usbehci \Device\USBPDO-7 861EE1F8
Device \Driver\volmgr \Device\HarddiskVolume2  849501F8
Device \Driver\cdrom \Device\CdRom0 864DF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 852E01F8
Device \Driver\atapi \Device\Ide\IdePort0 852E01F8
Device \Driver\atapi \Device\Ide\IdePort1 852E01F8
Device \Driver\atapi \Device\Ide\IdePort2 852E01F8
Device \Driver\atapi \Device\Ide\IdePort3 852E01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 852E01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 852E01F8
Device \Driver\volmgr \Device\HarddiskVolume3 849501F8
Device \Driver\cdrom \Device\CdRom1 864DF1F8
Device \Driver\cdrom \Device\CdRom2 864DF1F8
Device \Driver\cdrom \Device\CdRom3 864DF1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 877161F8
Device \Driver\Smb \Device\NetbiosSmb 8759E1F8
Device \Driver\iScsiPrt \Device\RaidPort0 864E91F8
Device \Driver\usbuhci \Device\USBFDO-0 864E81F8
Device \Driver\usbuhci \Device\USBFDO-1 864E81F8
Device \Driver\usbuhci \Device\USBFDO-2 864E81F8
Device \Driver\usbehci \Device\USBFDO-3 861EE1F8
Device \Driver\usbuhci \Device\USBFDO-4 864E81F8
Device \Driver\usbuhci \Device\USBFDO-5 864E81F8
Device \Driver\usbuhci \Device\USBFDO-6 864E81F8
Device \Driver\usbehci \Device\USBFDO-7 861EE1F8
Device \Driver\awbyk3ry \Device\Scsi\awbyk3ry1Port5Path0Target0Lun0 866DF1F8
Device \Driver\awbyk3ry \Device\Scsi\awbyk3ry1Port5Path0Target1Lun0 866DF1F8
Device \Driver\awbyk3ry \Device\Scsi\awbyk3ry1 866DF1F8
Device \FileSystem\fastfat \Fat 87C471F8

AttachedDevice \FileSystem\fastfat \Fat  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 88095498

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x57 0xE5 0xC3 0xEF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x58 0x45 0xB8 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xB6 0x5F 0x44 0x41 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xFC 0x94 0xCB 0x3F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x57 0xE5 0xC3 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x58 0x45 0xB8 0xAF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xB6 0x5F 0x44 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xFC 0x94 0xCB 0x3F ...

---- Files - GMER 1.0.15 ----

File C:\Program Files\Reference Assemblies\drprovx.dll.vir 114688 bytes
File C:\Program Files\Reference Assemblies\Microsoft 0 bytes
File C:\Program Files\Reference Assemblies\Microsoft\Framework 0 bytes
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0 0 bytes
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll 598016 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll 4214784 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll 196608 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll 139264 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll 5279744 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll 397312 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll 163840 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll 532480 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList 0 bytes
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml 5682 bytes
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList 0 bytes
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Client.xml 3495 bytes
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll 438272 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll 126976 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll 131072 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll 368640 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll 970752 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll 5967872 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll 688128 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll 1138688 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll 1630208 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll 540672 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll 167936 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll 385024 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll 40960 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll 98304 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll 1249280 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll 94208 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml 2578 bytes
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5 0 bytes
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll 114688 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll 106496 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll 733184 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll 36864 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll 94208 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll 41984 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList 0 bytes
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml 12192 bytes
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList 0 bytes
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml 3446 bytes
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll 45056 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll 163840 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll 57344 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll 667648 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll 53248 bytes executable
File  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll 229376 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll 2879488 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll 684032 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll 294912 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll 442368 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll 286720 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll 143360 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll 233472 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll 569344 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll 77824 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll 32768 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll 229376 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll 131072 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll 139264 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll 335872 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll 1277952 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll 61440 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll 12288 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll 507904 bytes executable
File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll 139264 bytes executable

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 6/3/2011 2:18:03 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Brad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 65.41% Memory free
6.72 Gb Paging File | 5.57 Gb Available in Paging File | 82.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 7.03 Gb Free Space | 3.15% Space Free | Partition Type: NTFS

Computer Name: BRAD-PC | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/03 09:59:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/19 21:04:36 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/19 21:04:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/07 02:50:14 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe

========== Modules (SafeList) ==========

MOD - [2011/06/03 09:59:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/19 21:04:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/07 02:50:14 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)

========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/19 21:43:40 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/19 20:22:08 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/17 07:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/14 21:56:40 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/03 15:27:56 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/03 15:27:44 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/03 15:27:34 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/03 15:27:26 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/03 15:27:20 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/03 15:27:00 | 000,527,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/03 15:26:50 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/03 15:26:40 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/03 15:26:40 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/03 15:26:26 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/03 15:26:26 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/03 15:26:16 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/03 15:26:16 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2007/04/13 14:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59354

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/31 19:26:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/31 00:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Extensions
[2011/05/31 13:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
[2009/12/16 04:00:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/31 19:26:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/03 12:58:56 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Brad\Desktop\TDSSKiller.exe
[2011/06/03 09:58:58 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2011/06/03 09:54:10 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{001F2AAC-7901-4A45-BEEE-D4120DD52060}
[2011/06/02 20:22:43 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{0AA56169-BDE4-481D-9932-BAF464C2B5CA}
[2011/06/02 08:22:12 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{72E2C1C9-DFAE-44A9-B8A1-6B64CA36582D}
[2011/06/01 16:46:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\GooredFix Backups
[2011/06/01 16:35:50 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Brad\Desktop\GooredFix.exe
[2011/06/01 14:42:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/01 14:42:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/01 14:42:47 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\temp
[2011/06/01 14:31:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/01 14:31:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/01 14:31:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/01 14:31:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/01 14:31:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/01 14:28:11 | 004,296,757 | R--- | C] (Swearware) -- C:\Users\Brad\Desktop\username123.exe
[2011/06/01 14:18:27 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{16398A33-9EA1-40DA-98F7-4CC308BF1AF6}
[2011/06/01 04:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/01 02:17:49 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{843475BB-6E29-4E70-AED9-64D222A1267C}
[2011/05/31 14:17:22 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{7F2FFC11-5C5E-4C27-93E5-43DA3AABB288}
[2011/05/31 13:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/31 13:17:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brad\Desktop\HijackThis.exe
[2011/05/30 23:48:50 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{53EEA9A2-800F-453A-87FC-82CCDD5A9450}
[2011/05/30 11:48:33 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{C7A4DC46-D96B-4512-BE2A-3C7189CFF23B}
[2011/05/30 02:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/05/30 02:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/30 01:13:26 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/30 01:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/30 01:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/29 23:48:07 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{2A5C3F06-A9D9-4B2A-A92F-E6E6C78AE1C9}
[2011/05/29 11:47:48 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{1068D63A-6B6F-456D-8607-84F1B5A1188B}
[2011/05/28 23:46:34 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{766D68F8-D04F-406C-85D0-A297337B0843}
[2011/05/28 11:40:35 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8FD78456-9F74-48AD-B146-F182630E352E}
[2011/05/27 23:40:12 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{EECC9271-B5A5-464D-A6F6-32C89CAC4C05}
[2011/05/27 11:40:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{ECB79983-B42A-4011-8464-1C234B28D7E0}
[2011/05/26 23:39:36 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{68B8DFF6-BFD5-4C55-ABC2-3BE41C17F2FE}
[2011/05/26 11:39:11 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{31B60BB9-D976-4AC7-A116-7AA46CE8BB3D}
[2011/05/25 23:38:21 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{60779FCA-A12F-4549-98AE-23D71B197CE1}
[2011/05/25 11:37:57 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{A647C6E9-A9EE-47A7-9EC7-562F01B0DB62}
[2011/05/24 23:37:33 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{1BA2C955-1AF4-4825-8AE1-7543467CECD7}
[2011/05/24 11:37:09 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{C274C761-CA32-4DCB-8FA3-24713021C005}
[2011/05/23 23:36:45 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{21093A7B-BF59-4DFE-9167-60B085072FA0}
[2011/05/23 11:36:20 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{99DD3876-BD21-43B7-A23A-04AFAF926D53}
[2011/05/22 23:35:55 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{4C43F296-8506-45BA-9F58-72356C9E60C1}
[2011/05/22 11:35:30 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{BBB4953C-8C79-4AF1-BB6B-407608D231A4}
[2011/05/21 23:35:06 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{0F890556-D054-42D5-8338-44E62ECD794E}
[2011/05/21 19:23:10 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/21 19:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/05/21 11:34:43 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{BA1F462D-F47B-47B6-A6FA-710921B2D4E4}
[2011/05/20 23:34:19 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{9E0DFA6D-C338-4E03-8933-C54A18F15AD9}
[2011/05/20 11:33:28 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{A5C148D2-00CB-449A-B51E-61479D2FFF28}
[2011/05/19 23:33:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{00B1EFFC-ED38-4562-9E12-8F6A37B4BCD8}
[2011/05/19 11:32:37 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{D8089E57-8FA0-4770-B115-6CD2532C2243}
[2011/05/18 23:32:13 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{B37ECC41-FAB5-418D-AEB4-F9AF527FB843}
[2011/05/18 11:31:48 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{98C1217B-48B4-4940-8685-6807CAAB268D}
[2011/05/18 03:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/05/18 03:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/05/17 23:31:25 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{7B9FE8D7-261B-4F16-9908-0A36A20ACC88}
[2011/05/17 11:30:58 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{CD24BEF0-5EFB-4437-A297-E88BFAD304EB}
[2011/05/16 23:30:34 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{274E3E66-39C1-448C-B515-9F9B78397FEC}
[2011/05/16 15:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age II
[2011/05/16 15:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Dragon Age 2
[2011/05/16 15:29:07 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\Crack
[2011/05/16 11:30:11 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{FEABAE9E-A84D-4012-ABCC-48A8E7AB341F}
[2011/05/15 23:29:58 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{6D253EA0-BD71-4DA3-993F-A26AD1540427}
[2011/05/15 11:29:31 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{65189A41-4941-4DDC-A2AB-03B285655734}
[2011/05/14 23:29:19 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{5A9B0755-2788-4F23-A73F-DC1C04998628}
[2011/05/14 11:29:05 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{4FE45DE4-E590-4702-942B-46EA2F23814F}
[2011/05/13 23:28:23 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{33C7D5CE-8308-4D00-992F-4A4D36AE10E5}
[2011/05/13 11:28:08 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{40DEF8BB-5A77-47E5-B89F-3BBD30FF1A16}
[2011/05/12 23:27:17 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F84F34A0-460D-40BC-A5BA-76D5D2E64F43}
[2011/05/12 13:34:28 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\SKIDROW
[2011/05/12 13:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011/05/12 13:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Valve
[2011/05/12 11:26:53 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{87312648-5F6D-4EC0-8A43-502A5591030A}
[2011/05/11 23:26:39 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{63E0B332-F482-40CB-AA11-59E10289BE45}
[2011/05/11 11:26:13 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{692095CE-1320-4A8A-A6D1-4A99400DE9FE}
[2011/05/10 20:14:33 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{9D7D47C8-E6B5-4526-943D-3EFDF1FA51A9}
[2011/05/10 08:14:22 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F99A1C21-A8D0-44C2-8847-E83030F1B1CE}
[2011/05/10 02:51:47 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portal
[2011/05/10 02:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Portal
[2011/05/10 02:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\Portal
[2011/05/09 21:14:14 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\uTorrent
[2011/05/09 20:13:57 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E48A2E8D-B2E6-4F2E-993A-3C2C55C53BC7}
[2011/05/09 08:13:46 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{0A56ADE9-426D-417D-87CA-98DBAF708C15}
[2011/05/08 20:13:22 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8D922D81-04E6-49DC-B91C-7EB6C76381EF}
[2011/05/08 08:13:11 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{DA0108CB-405F-4D2E-A579-79E682BDB745}
[2011/05/07 20:12:48 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{4B516019-3947-4872-985C-F6AB3FA4824A}
[2011/05/07 08:12:23 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{D48D1D77-B23E-4195-8CC3-ECF64C28600A}
[2011/05/06 20:11:59 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{37EB32D4-76EC-4430-8617-146F265D6F73}
[2011/05/06 08:11:36 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8AA2E484-0736-4491-81FF-F09B84F143B8}
[2011/05/05 20:11:12 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{B4DFDD30-FBA3-44BA-AFC2-22B9445D9D27}
[2011/05/05 08:11:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{20AAA1C0-9ABE-4DC9-9676-0E6E1D16C762}
[2011/05/05 03:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\DDO Standard Res Install Files
[2011/05/04 20:10:37 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{CA9CDD63-876B-4220-90C4-8E09F501B789}
[2009/06/03 13:21:54 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/06/03 12:56:56 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[2007/06/07 02:50:16 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbtih.exe
[2007/06/07 02:50:14 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbtcoms.exe
[2007/06/07 02:50:12 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbtcfg.exe
[2007/01/30 15:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbtpmui.dll
[2007/01/30 15:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbtserv.dll
[2007/01/30 15:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomm.dll
[2007/01/30 15:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll
[2007/01/30 15:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll
[2007/01/30 15:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbtpplc.dll
[2007/01/30 15:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomc.dll
[2007/01/30 15:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbtprox.dll
[2007/01/30 15:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll
[2007/01/30 15:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbtusb1.dll
[2007/01/30 15:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbthbn3.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/03 13:07:37 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 13:07:36 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 13:07:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/03 13:01:05 | 000,055,468 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000000-00001102-00000005-60021102}.rfx
[2011/06/03 13:01:05 | 000,055,468 | ---- | M] () -- C:\Windows\System32\BMXState-{00000002-00000000-00000000-00001102-00000005-60021102}.rfx
[2011/06/03 13:01:05 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000002-00000000-00000000-00001102-00000005-60021102}.rfx
[2011/06/03 09:59:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2011/06/01 17:47:45 | 264,945,271 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/01 16:44:41 | 000,075,264 | ---- | M] () -- C:\Users\Brad\Desktop\SystemLook.exe
[2011/06/01 16:35:47 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Brad\Desktop\GooredFix.exe
[2011/06/01 14:27:40 | 004,296,757 | R--- | M] (Swearware) -- C:\Users\Brad\Desktop\username123.exe
[2011/06/01 04:39:44 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/31 14:22:12 | 000,659,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/31 14:22:12 | 000,126,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/31 13:36:00 | 000,000,870 | ---- | M] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/31 13:35:41 | 000,006,516 | ---- | M] () -- C:\Users\Brad\Documents\cc_20110531_133539.reg
[2011/05/31 13:17:16 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Brad\Desktop\HijackThis.exe
[2011/05/31 13:07:35 | 000,051,288 | ---- | M] () -- C:\Users\Brad\Documents\cc_20110531_130727.reg
[2011/05/31 13:02:04 | 000,261,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/29 15:38:29 | 000,001,356 | ---- | M] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2011/05/29 15:32:27 | 000,006,022 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\3BDE.856
[2011/05/29 12:32:00 | 000,302,592 | ---- | M] () -- C:\Users\Brad\Desktop\gmer.exe
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 23:17:39 | 000,000,120 | ---- | M] () -- C:\Users\Brad\AppData\Local\Bxotejadazayujup.dat
[2011/05/28 23:17:39 | 000,000,000 | ---- | M] () -- C:\Users\Brad\AppData\Local\Dsijesuxitokesik.bin
[2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brad\Desktop\TDSSKiller.exe
[2011/05/18 15:45:26 | 000,000,883 | ---- | M] () -- C:\Users\Brad\Desktop\DragonAge2.exe - Shortcut.lnk
[2011/05/16 15:37:34 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Age II.lnk
[2011/05/12 13:31:55 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011/05/10 02:51:47 | 000,000,832 | ---- | M] () -- C:\Users\Brad\Desktop\Portal.lnk
[2011/05/05 09:33:55 | 000,000,374 | ---- | M] () -- C:\Users\Brad\Desktop\Resume Download of Dungeons Dragons Online Eberron Unlimited.url
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/03 09:59:18 | 000,302,592 | ---- | C] () -- C:\Users\Brad\Desktop\gmer.exe
[2011/06/01 17:47:45 | 264,945,271 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/01 16:44:42 | 000,075,264 | ---- | C] () -- C:\Users\Brad\Desktop\SystemLook.exe
[2011/06/01 14:31:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/01 14:31:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/01 14:31:13 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/01 14:31:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/01 14:31:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/01 04:39:44 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/31 13:35:40 | 000,006,516 | ---- | C] () -- C:\Users\Brad\Documents\cc_20110531_133539.reg
[2011/05/31 13:07:32 | 000,051,288 | ---- | C] () -- C:\Users\Brad\Documents\cc_20110531_130727.reg
[2011/05/29 11:47:46 | 000,006,022 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\3BDE.856
[2011/05/28 23:17:39 | 000,000,120 | ---- | C] () -- C:\Users\Brad\AppData\Local\Bxotejadazayujup.dat
[2011/05/28 23:17:39 | 000,000,000 | ---- | C] () -- C:\Users\Brad\AppData\Local\Dsijesuxitokesik.bin
[2011/05/18 15:45:26 | 000,000,883 | ---- | C] () -- C:\Users\Brad\Desktop\DragonAge2.exe - Shortcut.lnk
[2011/05/16 15:37:34 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Age II.lnk
[2011/05/12 13:31:55 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011/05/10 02:51:47 | 000,000,832 | ---- | C] () -- C:\Users\Brad\Desktop\Portal.lnk
[2011/05/05 09:33:55 | 000,000,374 | ---- | C] () -- C:\Users\Brad\Desktop\Resume Download of Dungeons Dragons Online Eberron Unlimited.url
[2011/04/23 21:53:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/17 12:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 16:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/21 05:03:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/21 05:01:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/21 05:01:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/10/08 12:19:03 | 000,000,092 | ---- | C] () -- C:\Users\Brad\AppData\Local\fusioncache.dat
[2010/10/05 13:21:24 | 000,028,672 | ---- | C] () -- C:\Windows\System32\DLEAsmr.dll
[2010/10/05 13:21:23 | 000,299,008 | ---- | C] () -- C:\Windows\System32\DLEAsm.dll
[2010/06/29 19:00:16 | 000,077,156 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010/06/10 23:31:27 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/03/02 22:06:00 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/02/26 20:02:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/12/17 18:42:30 | 000,015,872 | ---- | C] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/15 02:58:39 | 000,001,356 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2009/12/13 21:52:39 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/12/13 21:52:39 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/06/03 14:00:30 | 000,026,928 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/03 14:00:28 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/03 13:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/06/03 13:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/06/03 13:00:34 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009/06/03 12:57:12 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/05/26 11:56:08 | 000,000,297 | ---- | C] () -- C:\Windows\System32\kill.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/03/05 05:38:36 | 000,321,512 | ---- | C] () -- C:\Windows\System32\CTDLANG.DAT
[2007/03/05 05:38:36 | 000,056,405 | ---- | C] () -- C:\Windows\System32\CTDNLSTR.DAT
[2007/02/19 08:20:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll
[2007/02/19 08:20:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll
[2007/02/19 08:20:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll
[2007/02/19 08:17:06 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll
[2007/02/19 08:17:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll
[2007/02/19 08:16:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll
[2007/02/19 08:16:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll
[2007/02/19 08:15:34 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll
[2007/02/07 18:57:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll
[2007/01/22 08:18:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbtcfg.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,261,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,659,348 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,126,186 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/18 11:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll
[2005/05/25 14:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011/06/03 01:52:26 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Advanced Combat Tracker
[2011/05/21 19:23:10 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/27 20:48:51 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/12/16 16:39:07 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\DAEMON Tools Lite
[2010/09/17 23:36:40 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\FileZilla
[2011/05/05 20:45:35 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\ICQ
[2010/12/02 17:07:18 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\LolClient
[2011/05/01 17:49:43 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\ProfitUI Reborn Updater
[2011/04/23 14:52:45 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\QuickScan
[2010/10/01 15:26:13 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Sony Online Entertainment
[2010/04/09 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\SystemRequirementsLab
[2011/06/01 17:37:39 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\uTorrent
[2011/06/03 12:56:51 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


----------



## brad33 (May 31, 2011)

It seems that the redirects are gone. What do you think is causing CHKDSK to run every time I reboot? There was that Reference Assemblies folder that was empty and corrupted but I have left it alone.


----------



## eddie5659 (Mar 19, 2001)

Okay, for the Reference Assemblies folder, it looks like it's actually to do with .NET Framework. I have the same folder, and mine has things in it, as by the looks of it, yours does, but you may have them hidden.

Saying that, you appear to have a virus in there:

*File C:\Program Files\Reference Assemblies\drprovx.dll.vir 114688 bytes*

Though we need to check that out fully.

Do you know what these are?

*C:\Users\Brad\Documents\cc_20110531_133539.reg
C:\Users\Brad\Documents\cc_20110531_130727.reg
C:\Users\Brad\Desktop\Crack*

--

If you can do the following, we'll remove other things first, as well as look at that file. I'll have a look at the CHKDSK as well, will post again after the below is done, as that may help first

---

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop.

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file.



> *C:\Program Files\Reference Assemblies\drprovx.dll.vir*


If it's not showing as there, then do this:

Set Explorer to view Hidden Files and Folders:

Right-click your Start button and go to "Explore".
Select Tools from the menu
Select Folder Options
Select the View tab
Click on Show all Files and Folders
Select *Apply to All Folders* | *Yes* | *Apply* | *OK*.

Then try again 

----

Go to Add/Remove Programs and uninstall *Ask Toolbar*

Then, do this:

Download *SREng* 

Extract it to Desktop and double click *SREngLdr.EXE* to run it 
Select *System Repair* from the left pane. 
Click on *File Association* 
Select all entries that have an *Error status* and click *[Repair]* 
Refer to this image for an example:

Close SREng now. 

-----------

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59354
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2011/06/03 09:54:10 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{001F2AAC-7901-4A45-BEEE-D4120DD52060}
[2011/06/02 20:22:43 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{0AA56169-BDE4-481D-9932-BAF464C2B5CA}
[2011/06/02 08:22:12 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{72E2C1C9-DFAE-44A9-B8A1-6B64CA36582D}
[2011/06/01 14:18:27 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{16398A33-9EA1-40DA-98F7-4CC308BF1AF6}
[2011/06/01 02:17:49 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{843475BB-6E29-4E70-AED9-64D222A1267C}
[2011/05/31 14:17:22 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{7F2FFC11-5C5E-4C27-93E5-43DA3AABB288}
[2011/05/30 23:48:50 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{53EEA9A2-800F-453A-87FC-82CCDD5A9450}
[2011/05/30 11:48:33 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{C7A4DC46-D96B-4512-BE2A-3C7189CFF23B}
[2011/05/29 23:48:07 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{2A5C3F06-A9D9-4B2A-A92F-E6E6C78AE1C9}
[2011/05/29 11:47:48 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{1068D63A-6B6F-456D-8607-84F1B5A1188B}
[2011/05/28 23:46:34 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{766D68F8-D04F-406C-85D0-A297337B0843}
[2011/05/28 11:40:35 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8FD78456-9F74-48AD-B146-F182630E352E}
[2011/05/27 23:40:12 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{EECC9271-B5A5-464D-A6F6-32C89CAC4C05}
[2011/05/27 11:40:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{ECB79983-B42A-4011-8464-1C234B28D7E0}
[2011/05/26 23:39:36 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{68B8DFF6-BFD5-4C55-ABC2-3BE41C17F2FE}
[2011/05/26 11:39:11 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{31B60BB9-D976-4AC7-A116-7AA46CE8BB3D}
[2011/05/25 23:38:21 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{60779FCA-A12F-4549-98AE-23D71B197CE1}
[2011/05/25 11:37:57 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{A647C6E9-A9EE-47A7-9EC7-562F01B0DB62}
[2011/05/24 23:37:33 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{1BA2C955-1AF4-4825-8AE1-7543467CECD7}
[2011/05/24 11:37:09 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{C274C761-CA32-4DCB-8FA3-24713021C005}
[2011/05/23 23:36:45 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{21093A7B-BF59-4DFE-9167-60B085072FA0}
[2011/05/23 11:36:20 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{99DD3876-BD21-43B7-A23A-04AFAF926D53}
[2011/05/22 23:35:55 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{4C43F296-8506-45BA-9F58-72356C9E60C1}
[2011/05/22 11:35:30 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{BBB4953C-8C79-4AF1-BB6B-407608D231A4}
[2011/05/21 23:35:06 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{0F890556-D054-42D5-8338-44E62ECD794E}
[2011/05/21 11:34:43 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{BA1F462D-F47B-47B6-A6FA-710921B2D4E4}
[2011/05/20 23:34:19 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{9E0DFA6D-C338-4E03-8933-C54A18F15AD9}
[2011/05/20 11:33:28 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{A5C148D2-00CB-449A-B51E-61479D2FFF28}
[2011/05/19 23:33:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{00B1EFFC-ED38-4562-9E12-8F6A37B4BCD8}
[2011/05/19 11:32:37 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{D8089E57-8FA0-4770-B115-6CD2532C2243}
[2011/05/18 23:32:13 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{B37ECC41-FAB5-418D-AEB4-F9AF527FB843}
[2011/05/18 11:31:48 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{98C1217B-48B4-4940-8685-6807CAAB268D}
[2011/05/17 23:31:25 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{7B9FE8D7-261B-4F16-9908-0A36A20ACC88}
[2011/05/17 11:30:58 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{CD24BEF0-5EFB-4437-A297-E88BFAD304EB}
[2011/05/16 23:30:34 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{274E3E66-39C1-448C-B515-9F9B78397FEC}
[2011/05/16 11:30:11 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{FEABAE9E-A84D-4012-ABCC-48A8E7AB341F}
[2011/05/15 23:29:58 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{6D253EA0-BD71-4DA3-993F-A26AD1540427}
[2011/05/15 11:29:31 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{65189A41-4941-4DDC-A2AB-03B285655734}
[2011/05/14 23:29:19 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{5A9B0755-2788-4F23-A73F-DC1C04998628}
[2011/05/14 11:29:05 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{4FE45DE4-E590-4702-942B-46EA2F23814F}
[2011/05/13 23:28:23 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{33C7D5CE-8308-4D00-992F-4A4D36AE10E5}
[2011/05/13 11:28:08 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{40DEF8BB-5A77-47E5-B89F-3BBD30FF1A16}
[2011/05/12 23:27:17 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F84F34A0-460D-40BC-A5BA-76D5D2E64F43}
[2011/05/12 11:26:53 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{87312648-5F6D-4EC0-8A43-502A5591030A}
[2011/05/11 23:26:39 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{63E0B332-F482-40CB-AA11-59E10289BE45}
[2011/05/11 11:26:13 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{692095CE-1320-4A8A-A6D1-4A99400DE9FE}
[2011/05/10 20:14:33 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{9D7D47C8-E6B5-4526-943D-3EFDF1FA51A9}
[2011/05/10 08:14:22 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F99A1C21-A8D0-44C2-8847-E83030F1B1CE}
[2011/05/09 20:13:57 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E48A2E8D-B2E6-4F2E-993A-3C2C55C53BC7}
[2011/05/09 08:13:46 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{0A56ADE9-426D-417D-87CA-98DBAF708C15}
[2011/05/08 20:13:22 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8D922D81-04E6-49DC-B91C-7EB6C76381EF}
[2011/05/08 08:13:11 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{DA0108CB-405F-4D2E-A579-79E682BDB745}
[2011/05/07 20:12:48 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{4B516019-3947-4872-985C-F6AB3FA4824A}
[2011/05/07 08:12:23 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{D48D1D77-B23E-4195-8CC3-ECF64C28600A}
[2011/05/06 20:11:59 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{37EB32D4-76EC-4430-8617-146F265D6F73}
[2011/05/06 08:11:36 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8AA2E484-0736-4491-81FF-F09B84F143B8}
[2011/05/05 20:11:12 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{B4DFDD30-FBA3-44BA-AFC2-22B9445D9D27}
[2011/05/05 08:11:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{20AAA1C0-9ABE-4DC9-9676-0E6E1D16C762}
[2011/05/04 20:10:37 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{CA9CDD63-876B-4220-90C4-8E09F501B789}
[2011/05/28 23:17:39 | 000,000,120 | ---- | M] () -- C:\Users\Brad\AppData\Local\Bxotejadazayujup.dat
[2011/05/28 23:17:39 | 000,000,000 | ---- | M] () -- C:\Users\Brad\AppData\Local\Dsijesuxitokesik.bin
:Files
ipconfig /flushdns /c 
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Let the program run unhindered, reboot the PC when it is done 
Open OTL again and click the *Quick Scan* button. Post the log it produces in your next reply. 

----

eddie
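
The fix script above lists every GUID-named folder under `AppData\Local`, which the log shows being created about twice a day, together with the loopback `ProxyServer` value. As an added example (not part of the thread and not OTL's own code), this Python script parses OTL file-listing lines and surfaces both patterns for review; the function names and the triage heuristic are assumptions, and the sample lines are copied from the log and script in this thread.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath
from statistics import median
from typing import List, NamedTuple, Optional

# Lines copied from the OTL log and fix script in this thread, plus one
# section header to show that non-entry lines are skipped.
SAMPLE = r"""
========== Files - Modified Within 30 Days ==========
[2011/05/31 14:17:22 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{7F2FFC11-5C5E-4C27-93E5-43DA3AABB288}
[2011/05/31 13:17:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brad\Desktop\HijackThis.exe
[2011/05/30 23:48:50 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{53EEA9A2-800F-453A-87FC-82CCDD5A9450}
[2011/05/30 11:48:33 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{C7A4DC46-D96B-4512-BE2A-3C7189CFF23B}
[2011/05/30 02:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/05/29 23:48:07 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{2A5C3F06-A9D9-4B2A-A92F-E6E6C78AE1C9}
[2011/05/29 11:47:48 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{1068D63A-6B6F-456D-8607-84F1B5A1188B}
[2010/06/10 23:31:27 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/03 12:56:56 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59354
"""

# [timestamp | size | attributes | C or M] (optional company) -- path
LINE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([A-Z-]{4}) \| ([CM])\]"
    r"\s*(?:\((.*?)\)\s*)?-- (.+)$"
)
GUID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
)
PROXY_RE = re.compile(
    r'ProxyServer"?\s*=\s*(?:\w+=)?(?:127\.\d+\.\d+\.\d+|localhost):(\d+)', re.I
)


class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str      # e.g. "---D" for a directory, "-HSD" hidden+system dir
    kind: str       # "C" = created, "M" = modified
    company: str    # empty when OTL shows "()" or "( )"
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file-listing line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    stamp, size, attrs, kind, company, path = m.groups()
    return Entry(
        when=datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
        size=int(size.replace(",", "")),
        attrs=attrs,
        kind=kind,
        company=(company or "").strip(),
        path=path.strip(),
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def guid_profile_dirs(entries: List[Entry]) -> List[Entry]:
    """Created directories named exactly {GUID} directly under AppData\\Local."""
    hits = []
    for e in entries:
        p = PureWindowsPath(e.path)
        parent = tuple(part.lower() for part in p.parent.parts[-2:])
        if ("D" in e.attrs and e.kind == "C"
                and GUID_RE.fullmatch(p.name)
                and parent == ("appdata", "local")):
            hits.append(e)
    return hits


def median_gap_hours(entries: List[Entry]) -> Optional[float]:
    """Median time between consecutive creations, in hours."""
    times = sorted(e.when for e in entries)
    if len(times) < 2:
        return None
    gaps = [(b - a).total_seconds() / 3600 for a, b in zip(times, times[1:])]
    return median(gaps)


def loopback_proxy_ports(text: str) -> List[int]:
    """Ports of any ProxyServer value that points at the local machine."""
    return [int(m.group(1)) for m in PROXY_RE.finditer(text)]


if __name__ == "__main__":
    dirs = guid_profile_dirs(parse_log(SAMPLE))
    print(f"{len(dirs)} GUID-named folders under AppData\\Local, "
          f"median gap {median_gap_hours(dirs):.1f} h")
    print("loopback proxy ports:", loopback_proxy_ports(SAMPLE))
```

A steady creation interval points to something running on a schedule, which is worth correlating with scheduled tasks and autostart entries before deleting the folders themselves.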


----------



## brad33 (May 31, 2011)

Those first two files are registry backups made by CCleaner and the third is a no CD crack (unwise, I know).
When I ran the sfp thing, it still gave me the error that it was corrupt and unreadable so I hope what I uploaded has something there. I was able to see hidden files already... Were your instructions the XP way? The option I have selected is Show hidden files and folders.

Edit: CHKDSK has not ran the last 2 times I rebooted.

OTL logfile created on: 6/6/2011 3:20:54 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Brad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 67.38% Memory free
6.71 Gb Paging File | 5.56 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 21.27 Gb Free Space | 9.55% Space Free | Partition Type: NTFS

Computer Name: BRAD-PC | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/03 09:59:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
PRC - [2011/05/31 19:26:32 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/19 21:04:36 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/19 21:04:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/07 02:50:14 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe

========== Modules (SafeList) ==========

MOD - [2011/06/03 09:59:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/19 21:04:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/07 02:50:14 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)

========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/19 21:43:40 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/19 20:22:08 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/17 07:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/14 21:56:40 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/03 15:27:56 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/03 15:27:44 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/03 15:27:34 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/03 15:27:26 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/03 15:27:20 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/03 15:27:00 | 000,527,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/03 15:26:50 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/03 15:26:40 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/03 15:26:40 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/03 15:26:26 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/03 15:26:26 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/03 15:26:16 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/03 15:26:16 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2007/04/13 14:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/31 19:26:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/31 00:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Extensions
[2011/06/04 22:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/04 22:36:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) -- 
[2009/12/16 04:00:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/31 19:26:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/06 15:08:23 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 15:08:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/06 15:05:29 | 001,895,960 | ---- | C] (Smallfrogs Studio) -- C:\Users\Brad\Desktop\SREngLdr.EXE
[2011/06/06 14:56:46 | 000,518,656 | ---- | C] (Safer Networking Limited) -- C:\Users\Brad\Desktop\sfp.exe
[2011/06/06 09:56:34 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{256BE89A-7135-4BB6-ABD0-2F4BA7F4AF50}
[2011/06/05 21:56:04 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8F95B6C7-890E-4055-9A33-0462247EE3BD}
[2011/06/05 09:55:38 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{FA688C4B-5A7E-423A-A94A-10AF99FD396F}
[2011/06/04 21:55:14 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{FEC08DE6-1F88-4F20-A6E4-3DED17C0D28E}
[2011/06/04 20:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/06/04 20:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2011/06/04 09:55:03 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{5D7919F2-FC4E-4ABF-90DA-C213FF47E9AF}
[2011/06/03 21:54:40 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{3935236D-038D-4C87-86E7-E7895B5C07B9}
[2011/06/03 12:58:56 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Brad\Desktop\TDSSKiller.exe
[2011/06/03 09:58:58 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2011/06/01 16:46:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\GooredFix Backups
[2011/06/01 16:35:50 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Brad\Desktop\GooredFix.exe
[2011/06/01 14:42:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/01 14:42:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/01 14:42:47 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\temp
[2011/06/01 14:31:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/01 14:31:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/01 14:31:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/01 14:31:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/01 14:31:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/01 14:28:11 | 004,296,757 | R--- | C] (Swearware) -- C:\Users\Brad\Desktop\username123.exe
[2011/06/01 04:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/31 13:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/31 13:17:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brad\Desktop\HijackThis.exe
[2011/05/30 02:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/05/30 02:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/30 01:13:26 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/30 01:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/30 01:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/21 19:23:10 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/21 19:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/05/18 03:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/05/18 03:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/05/16 15:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age II
[2011/05/16 15:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Dragon Age 2
[2011/05/12 13:34:28 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\SKIDROW
[2011/05/12 13:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011/05/12 13:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Valve
[2011/05/10 02:51:47 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portal
[2011/05/10 02:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Portal
[2011/05/10 02:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\Portal
[2011/05/09 21:14:14 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\uTorrent
[2009/06/03 13:21:54 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/06/03 12:56:56 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[2007/06/07 02:50:16 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbtih.exe
[2007/06/07 02:50:14 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbtcoms.exe
[2007/06/07 02:50:12 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbtcfg.exe
[2007/01/30 15:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbtpmui.dll
[2007/01/30 15:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbtserv.dll
[2007/01/30 15:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomm.dll
[2007/01/30 15:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll
[2007/01/30 15:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll
[2007/01/30 15:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbtpplc.dll
[2007/01/30 15:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomc.dll
[2007/01/30 15:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbtprox.dll
[2007/01/30 15:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll
[2007/01/30 15:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbtusb1.dll
[2007/01/30 15:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbthbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/06/06 15:11:50 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 15:11:50 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 15:11:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/06 15:11:00 | 000,055,468 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000000-00001102-00000005-60021102}.rfx
[2011/06/06 15:11:00 | 000,055,468 | ---- | M] () -- C:\Windows\System32\BMXState-{00000002-00000000-00000000-00001102-00000005-60021102}.rfx
[2011/06/06 15:11:00 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000002-00000000-00000000-00001102-00000005-60021102}.rfx
[2011/06/06 15:08:23 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/06 14:58:29 | 000,000,361 | ---- | M] () -- C:\Users\Brad\Desktop\requested-files[2011-06-06_14_58].cab
[2011/06/06 01:41:59 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/06/04 22:40:08 | 000,001,864 | ---- | M] () -- C:\Users\Brad\Desktop\ProfitUI Reborn Updater.lnk
[2011/06/04 22:37:38 | 000,000,370 | ---- | M] () -- C:\Users\Brad\Documents - Shortcut.lnk
[2011/06/03 09:59:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2011/06/01 16:44:41 | 000,075,264 | ---- | M] () -- C:\Users\Brad\Desktop\SystemLook.exe
[2011/06/01 16:35:47 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Brad\Desktop\GooredFix.exe
[2011/06/01 14:27:40 | 004,296,757 | R--- | M] (Swearware) -- C:\Users\Brad\Desktop\username123.exe
[2011/06/01 04:39:44 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/31 14:22:12 | 000,659,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/31 14:22:12 | 000,126,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/31 13:36:00 | 000,000,870 | ---- | M] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/31 13:35:41 | 000,006,516 | ---- | M] () -- C:\Users\Brad\Documents\cc_20110531_133539.reg
[2011/05/31 13:17:16 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Brad\Desktop\HijackThis.exe
[2011/05/31 13:07:35 | 000,051,288 | ---- | M] () -- C:\Users\Brad\Documents\cc_20110531_130727.reg
[2011/05/31 13:02:04 | 000,261,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/29 15:38:29 | 000,001,356 | ---- | M] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2011/05/29 15:32:27 | 000,006,022 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\3BDE.856
[2011/05/29 12:32:00 | 000,302,592 | ---- | M] () -- C:\Users\Brad\Desktop\gmer.exe
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brad\Desktop\TDSSKiller.exe
[2011/05/18 15:45:26 | 000,000,883 | ---- | M] () -- C:\Users\Brad\Desktop\DragonAge2.exe - Shortcut.lnk
[2011/05/16 15:37:34 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Age II.lnk
[2011/05/12 13:31:55 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011/05/10 02:51:47 | 000,000,832 | ---- | M] () -- C:\Users\Brad\Desktop\Portal.lnk

========== Files Created - No Company Name ==========

[2011/06/06 14:58:29 | 000,000,361 | ---- | C] () -- C:\Users\Brad\Desktop\requested-files[2011-06-06_14_58].cab
[2011/06/04 22:40:08 | 000,001,864 | ---- | C] () -- C:\Users\Brad\Desktop\ProfitUI Reborn Updater.lnk
[2011/06/04 22:37:38 | 000,000,370 | ---- | C] () -- C:\Users\Brad\Documents - Shortcut.lnk
[2011/06/04 20:09:02 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/06/03 09:59:18 | 000,302,592 | ---- | C] () -- C:\Users\Brad\Desktop\gmer.exe
[2011/06/01 16:44:42 | 000,075,264 | ---- | C] () -- C:\Users\Brad\Desktop\SystemLook.exe
[2011/06/01 14:31:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/01 14:31:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/01 14:31:13 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/01 14:31:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/01 14:31:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/01 04:39:44 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/31 13:35:40 | 000,006,516 | ---- | C] () -- C:\Users\Brad\Documents\cc_20110531_133539.reg
[2011/05/31 13:07:32 | 000,051,288 | ---- | C] () -- C:\Users\Brad\Documents\cc_20110531_130727.reg
[2011/05/29 11:47:46 | 000,006,022 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\3BDE.856
[2011/05/18 15:45:26 | 000,000,883 | ---- | C] () -- C:\Users\Brad\Desktop\DragonAge2.exe - Shortcut.lnk
[2011/05/16 15:37:34 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Age II.lnk
[2011/05/12 13:31:55 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011/05/10 02:51:47 | 000,000,832 | ---- | C] () -- C:\Users\Brad\Desktop\Portal.lnk
[2011/04/23 21:53:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/17 12:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 16:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/21 05:03:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/21 05:01:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/21 05:01:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/10/08 12:19:03 | 000,000,092 | ---- | C] () -- C:\Users\Brad\AppData\Local\fusioncache.dat
[2010/10/05 13:21:24 | 000,028,672 | ---- | C] () -- C:\Windows\System32\DLEAsmr.dll
[2010/10/05 13:21:23 | 000,299,008 | ---- | C] () -- C:\Windows\System32\DLEAsm.dll
[2010/06/29 19:00:16 | 000,077,156 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010/06/10 23:31:27 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/03/02 22:06:00 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/02/26 20:02:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/12/17 18:42:30 | 000,015,872 | ---- | C] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/15 02:58:39 | 000,001,356 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2009/12/13 21:52:39 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/12/13 21:52:39 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/06/03 14:00:30 | 000,026,928 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/03 14:00:28 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/03 13:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/06/03 13:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/06/03 13:00:34 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009/06/03 12:57:12 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/05/26 11:56:08 | 000,000,297 | ---- | C] () -- C:\Windows\System32\kill.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/03/05 05:38:36 | 000,321,512 | ---- | C] () -- C:\Windows\System32\CTDLANG.DAT
[2007/03/05 05:38:36 | 000,056,405 | ---- | C] () -- C:\Windows\System32\CTDNLSTR.DAT
[2007/02/19 08:20:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll
[2007/02/19 08:20:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll
[2007/02/19 08:20:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll
[2007/02/19 08:17:06 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll
[2007/02/19 08:17:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll
[2007/02/19 08:16:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll
[2007/02/19 08:16:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll
[2007/02/19 08:15:34 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll
[2007/02/07 18:57:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll
[2007/01/22 08:18:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbtcfg.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,261,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,659,348 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,126,186 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/18 11:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll
[2005/05/25 14:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011/06/06 00:04:38 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Advanced Combat Tracker
[2011/05/21 19:23:10 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/27 20:48:51 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/12/16 16:39:07 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\DAEMON Tools Lite
[2010/09/17 23:36:40 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\FileZilla
[2011/05/05 20:45:35 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\ICQ
[2010/12/02 17:07:18 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\LolClient
[2011/06/04 22:40:44 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\ProfitUI Reborn Updater
[2011/04/23 14:52:45 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\QuickScan
[2010/10/01 15:26:13 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Sony Online Entertainment
[2010/04/09 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\SystemRequirementsLab
[2011/06/01 17:37:39 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\uTorrent
[2011/06/06 15:10:42 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


----------
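Added example (not part of the original thread, and not OTL's own code): a small Python parser for the `[date | size | attributes | C/M] (company) -- path` lines in the OTL log above. It measures the spacing between the GUID-named folders created under `AppData\Local` and lists files with no company name created around a given date. The function names and the one-day slack are assumptions; the sample lines are copied from the log on this page.

```python
import re
from dataclasses import dataclass
from datetime import date, datetime
from pathlib import PureWindowsPath

# One OTL file/folder line: [timestamp | size | attrs | C or M] (company) -- path
# The "(company)" field is absent on folder lines and empty "()" / "( )" on
# files whose version resource carries no company name.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
GUID_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$"
)


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: int
    attrs: str
    kind: str               # "C" = created, "M" = modified
    company: str            # "" when OTL printed no company name
    path: PureWindowsPath

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl(text: str) -> list:
    """Return an Entry for every file/folder line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, O-lines, PRC/SRV/DRV lines, blanks
        entries.append(Entry(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=PureWindowsPath(m["path"].strip()),
        ))
    return entries


def guid_dir_gaps(entries, parent: str) -> list:
    """Seconds between consecutive GUID-named folders created directly in parent."""
    root = PureWindowsPath(parent)  # PureWindowsPath compares case-insensitively
    times = sorted(
        e.when for e in entries
        if e.kind == "C" and e.is_dir
        and e.path.parent == root and GUID_RE.match(e.path.name)
    )
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]


def created_near(entries, onset: date, slack_days: int = 1) -> list:
    """Files with no company name created within slack_days of the onset date."""
    return [
        e for e in entries
        if e.kind == "C" and not e.is_dir and not e.company
        and abs((e.when.date() - onset).days) <= slack_days
    ]


# Sample lines copied from the OTL log on this page.
SAMPLE = r"""
========== Files/Folders - Created Within 30 Days ==========
[2011/06/06 15:05:29 | 001,895,960 | ---- | C] (Smallfrogs Studio) -- C:\Users\Brad\Desktop\SREngLdr.EXE
[2011/06/06 09:56:34 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{256BE89A-7135-4BB6-ABD0-2F4BA7F4AF50}
[2011/06/05 21:56:04 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8F95B6C7-890E-4055-9A33-0462247EE3BD}
[2011/06/05 09:55:38 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{FA688C4B-5A7E-423A-A94A-10AF99FD396F}
[2011/06/04 21:55:14 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{FEC08DE6-1F88-4F20-A6E4-3DED17C0D28E}
[2011/06/04 20:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2011/05/29 11:47:46 | 000,006,022 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\3BDE.856
[2011/05/29 15:32:27 | 000,006,022 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\3BDE.856
[2011/05/18 15:45:26 | 000,000,883 | ---- | C] () -- C:\Users\Brad\Desktop\DragonAge2.exe - Shortcut.lnk
[2009/06/03 12:56:56 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
"""

if __name__ == "__main__":
    log = parse_otl(SAMPLE)
    gaps = guid_dir_gaps(log, r"C:\Users\Brad\AppData\Local")
    print("GUID folder gaps (hours):", [round(g / 3600, 2) for g in gaps])
    for e in created_near(log, date(2011, 5, 29)):
        print("no company name, created near onset:", e.when, e.path)
```

To run it over a full log, read the saved OTL text file and pass its contents to `parse_otl` in place of `SAMPLE`.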



## eddie5659 (Mar 19, 2001)

Seen some more things that need to go, but let's look at this log as well:

Can you run this first:

Please download *SmitfraudFix* (by *S!Ri*) to your Desktop.

Double-click *SmitfraudFix.exe* 
Select option #1 - *Search* by typing *1* and press "*Enter*"; a text file will appear, which lists infected files (if present). 
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move *SmitfraudFix.exe* directly to the root of the system drive (usually *C:*), and launch from there.

*Note* : *process.exe* is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. 
http://www.beyondlogic.org/consulting/proc...processutil.htm

-------------

And also this:

Download *OTS* to your Desktop and double-click on it to run it 

Make sure you close all other programs and *don't* use the PC while the scan runs. 
Now click the *Run Scan* button on the toolbar. Make sure not to use the PC while the program is running or it will freeze. 
When the scan is complete Notepad will open with the report file loaded in it. 
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it. 
Use the Add Reply button and post the information back here in an *attachment*. I will review it when it comes in. The last line is *< End of Report >*, so make sure that is the last line in the attached report.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*

eddie


----------



## eddie5659 (Mar 19, 2001)

Replying on the end of this, as I see you're here, in case you miss this 

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:dir
C:\Users\Brad\AppData\Roaming\3BDE.856
:file
C:\Users\Brad\AppData\Roaming\3BDE.856
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

eddie


----------



## brad33 (May 31, 2011)

Here ya go


----------



## eddie5659 (Mar 19, 2001)

Okay, I'll let you know about the SystemLook. At one point you said you had problems starting at 29/05/2011, and this file was created then as well. Do you know what it is?

*C:\Users\Brad\AppData\Roaming\3BDE.856*

Don't run it if you don't know, we'll do a scan:


Please go to  VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"* box on the top of the page:

*C:\Users\Brad\AppData\Roaming\3BDE.856*

 Click on the *Upload* button
 Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
 Paste the contents of the Clipboard in your next reply.

-----------------

Also, can you do this for me:

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.


```
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{855F3B16-6D32-4fe6-8A56-BBB695989046}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
YN -> \\"EnableLUA" -> [0]
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\
YN -> .exe [@ = exefile] -> Reg Error: Key error.
[Files/Folders - Created Within 30 Days]
NY ->  {1AE8919D-FC88-4E05-8E8E-514FE1F97D97} -> C:\Users\Brad\AppData\Local\{1AE8919D-FC88-4E05-8E8E-514FE1F97D97}
NY ->  {D0AE6ED4-9B33-461A-8A1F-D20D871F342C} -> C:\Users\Brad\AppData\Local\{D0AE6ED4-9B33-461A-8A1F-D20D871F342C}
NY ->  {D8FA8594-C496-4404-B97D-AD394BEEE8B6} -> C:\Users\Brad\AppData\Local\{D8FA8594-C496-4404-B97D-AD394BEEE8B6}
NY ->  {6D60EFBF-C330-402B-923B-3C058BE7809B} -> C:\Users\Brad\AppData\Local\{6D60EFBF-C330-402B-923B-3C058BE7809B}
NY ->  {256BE89A-7135-4BB6-ABD0-2F4BA7F4AF50} -> C:\Users\Brad\AppData\Local\{256BE89A-7135-4BB6-ABD0-2F4BA7F4AF50}
NY ->  {8F95B6C7-890E-4055-9A33-0462247EE3BD} -> C:\Users\Brad\AppData\Local\{8F95B6C7-890E-4055-9A33-0462247EE3BD}
NY ->  {FA688C4B-5A7E-423A-A94A-10AF99FD396F} -> C:\Users\Brad\AppData\Local\{FA688C4B-5A7E-423A-A94A-10AF99FD396F}
NY ->  {FEC08DE6-1F88-4F20-A6E4-3DED17C0D28E} -> C:\Users\Brad\AppData\Local\{FEC08DE6-1F88-4F20-A6E4-3DED17C0D28E}
NY ->  {5D7919F2-FC4E-4ABF-90DA-C213FF47E9AF} -> C:\Users\Brad\AppData\Local\{5D7919F2-FC4E-4ABF-90DA-C213FF47E9AF}
NY ->  {3935236D-038D-4C87-86E7-E7895B5C07B9} -> C:\Users\Brad\AppData\Local\{3935236D-038D-4C87-86E7-E7895B5C07B9}
[Files/Folders - Modified Within 30 Days]
NY ->  7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
NY ->  7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
```
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here

eddie


----------



## brad33 (May 31, 2011)

VirSCAN.org Scanned Report :
Scanned time : 2011/06/09 08:12:37 (CDT)
Scanner results: 3% Scanner(s) (1/37) found malware!
File Name : 3BDE.856
File Size : 6022 byte
File Type : 
MD5 : 4cd67b0e426f8f191ec7fa866727d280
SHA1 : 6bbbdaf4380f3ce1e7709c437f54bf5b7f487b76
Online report : http://file.virscan.org/report/1145116ade352192485d5c0357321d45.html

| Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result |
|---|---|---|---|---|---|
| a-squared | 5.1.0.2 | 20110608231940 | 2011-06-08 | 40.09 | - |
| AhnLab V3 | 2011.06.09.00 | 2011.06.09 | 2011-06-09 | 40.09 | - |
| AntiVir | 8.2.5.12 | 7.11.9.128 | 2011-06-09 | 0.27 | - |
| Antiy | 2.0.18 | 20110205.7694535 | 2011-02-05 | 0.02 | - |
| Arcavir | 2011 | 201105080215 | 2011-05-08 | 0.02 | - |
| Authentium | 5.1.1 | 201106091123 | 2011-06-09 | 1.42 | - |
| AVAST! | 4.7.4 | 110609-0 | 2011-06-09 | 0.00 | - |
| AVG | 8.5.850 | 271.1.1/3689 | 2011-06-09 | 0.24 | - |
| BitDefender | 7.90123.7406640 | 7.37559 | 2011-05-24 | 0.00 | - |
| ClamAV | 0.96.5 | 13170 | 2011-06-09 | 0.00 | - |
| Comodo | 4.0 | 8999 | 2011-06-08 | 40.09 | - |
| CP Secure | 1.3.0.5 | 2011.06.04 | 2011-06-04 | 0.00 | - |
| Dr.Web | 5.0.2.3300 | 2011.06.09 | 2011-06-09 | 12.46 | - |
| F-Prot | 4.4.4.56 | 20110608 | 2011-06-08 | 2.93 | - |
| F-Secure | 7.02.73807 | 2011.06.09.03 | 2011-06-09 | 0.11 | - |
| Fortinet | 4.2.257 | 13.307 | 2011-06-08 | 40.09 | - |
| GData | 22.573/22.151 | 20110609 | 2011-06-09 | 40.09 | - |
| ViRobot | 20110609 | 2011.06.09 | 2011-06-09 | 40.10 | - |
| Ikarus | T3.1.32.20.0 | 2011.06.09.78563 | 2011-06-09 | 4.62 | - |
| JiangMin | 13.0.900 | 2011.06.08 | 2011-06-08 | 40.09 | - |
| Kaspersky | 5.5.10 | 2011.06.08 | 2011-06-08 | 0.03 | - |
| KingSoft | 2009.2.5.15 | 2011.6.9.14 | 2011-06-09 | 40.09 | - |
| McAfee | 5400.1158 | 6368 | 2011-06-05 | 9.61 | BackDoor-EXI!conf |
| Microsoft | 1.6903 | 2011.06.09 | 2011-06-09 | 40.10 | - |
| NOD32 | 3.0.21 | 6191 | 2011-06-08 | 0.01 | - |
| Norman | 6.07.10 | 6.07.00 | 2011-06-08 | 12.02 | - |
| Panda | 9.05.01 | 2011.06.08 | 2011-06-08 | 40.10 | - |
| Trend Micro | 9.200-1012 | 8.212.06 | 2011-06-09 | 0.03 | - |
| Quick Heal | 11.00 | 2011.06.09 | 2011-06-09 | 40.09 | - |
| Rising | 20.0 | 23.61.02.03 | 2011-06-08 | 40.09 | - |
| Sophos | 3.20.2 | 4.66 | 2011-06-09 | 3.51 | - |
| Sunbelt | 3.9.2494.2 | 9529 | 2011-06-08 | 40.09 | - |
| Symantec | 1.3.0.24 | 20110608.002 | 2011-06-08 | 0.20 | - |
| nProtect | 20110601.01 | 3460661 | 2011-06-01 | 40.09 | - |
| The Hacker | 6.7.0.1 | v00176 | 2011-04-18 | 40.09 | - |
| VBA32 | 3.12.16.1 | 20110608.2039 | 2011-06-08 | 4.25 | - |
| VirusBuster | 5.3.0.4 | 14.0.73.1/5319926 | 2011-06-08 | 0.00 | - |

[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\URLSearchHooks not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\shell\open\exefile\\'' updated successfully.
[Files/Folders - Created Within 30 Days]
C:\Users\Brad\AppData\Local\{1AE8919D-FC88-4E05-8E8E-514FE1F97D97} folder moved successfully.
C:\Users\Brad\AppData\Local\{D0AE6ED4-9B33-461A-8A1F-D20D871F342C} folder moved successfully.
C:\Users\Brad\AppData\Local\{D8FA8594-C496-4404-B97D-AD394BEEE8B6} folder moved successfully.
C:\Users\Brad\AppData\Local\{6D60EFBF-C330-402B-923B-3C058BE7809B} folder moved successfully.
C:\Users\Brad\AppData\Local\{256BE89A-7135-4BB6-ABD0-2F4BA7F4AF50} folder moved successfully.
C:\Users\Brad\AppData\Local\{8F95B6C7-890E-4055-9A33-0462247EE3BD} folder moved successfully.
C:\Users\Brad\AppData\Local\{FA688C4B-5A7E-423A-A94A-10AF99FD396F} folder moved successfully.
C:\Users\Brad\AppData\Local\{FEC08DE6-1F88-4F20-A6E4-3DED17C0D28E} folder moved successfully.
C:\Users\Brad\AppData\Local\{5D7919F2-FC4E-4ABF-90DA-C213FF47E9AF} folder moved successfully.
C:\Users\Brad\AppData\Local\{3935236D-038D-4C87-86E7-E7895B5C07B9} folder moved successfully.
[Files/Folders - Modified Within 30 Days]
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
< End of fix log >
OTS by OldTimer - Version 3.1.43.0 fix logfile created on 06092011_083115

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

Registry entries deleted on Reboot...


----------



## eddie5659 (Mar 19, 2001)

Back at work, as I'm on call, but can you post a fresh OTL log


----------



## brad33 (May 31, 2011)

When I restarted my computer this window came up saying "An unauthorized change has been made to Windows." It asks me to type in my activation code but it only accepts letters and the code has numbers in it. I did notice last night that my computer clock had been changed to military time without me touching anything like that.

OTL log attached.


----------



## eddie5659 (Mar 19, 2001)

Just got back from work, so will look at this in a minute


----------



## eddie5659 (Mar 19, 2001)

Can you post a screenshot of the message that comes up?


----------



## brad33 (May 31, 2011)

I left for a while and another popped up as well.


----------



## eddie5659 (Mar 19, 2001)

Okay, it looks like it may be the Fake Windows Activation infection, so let's sort that out.

Firstly, can you reboot to Safe Mode with Networking. To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard.

Now, you should still have MBAM installed, so update the program and this time perform a *Full Scan*. It may take a while 

Remove all as you did before, and when the log pops up after, save this to your desktop.

Reboot to normal windows, and post the log.


----------



## brad33 (May 31, 2011)

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6823

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

6/10/2011 04:04:14
mbam-log-2011-06-10 (04-04-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 346928
Time elapsed: 1 hour(s), 2 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## eddie5659 (Mar 19, 2001)

Hmmm

Can you delete the copy of ComboFix you have, and redownload a fresh copy, and run a scan as before, posting the log afterwards.


----------



## brad33 (May 31, 2011)

ComboFix 11-06-10.04 - Brad 06/10/2011 9:49.2.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3325.2261 [GMT -5:00]
Running from: c:\users\Brad\Desktop\username123.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-10 14:57 . 2011-06-10 14:57 -------- d-----w- c:\users\Brad\AppData\Local\temp
2011-06-10 14:57 . 2011-06-10 14:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-10 14:45 . 2011-06-10 14:46 -------- d-----w- C:\username123
2011-06-10 13:02 . 2011-06-10 13:02 -------- d-----w- c:\users\Brad\AppData\Local\{6EE280A5-68EB-4FB3-BF50-AE6DBEE4C72D}
2011-06-09 20:02 . 2011-06-09 20:02 -------- d-----w- c:\users\Brad\AppData\Local\{1BD319BC-1F2D-4E30-B1F5-228C8D0C79CF}
2011-06-09 13:31 . 2011-06-09 13:31 -------- d-----w- C:\_OTS
2011-06-09 08:01 . 2011-06-09 08:02 -------- d-----w- c:\users\Brad\AppData\Local\{4E1FD071-19DD-4833-A199-7107C12A44EC}
2011-06-08 20:01 . 2011-06-08 20:01 -------- d-----w- c:\users\Brad\AppData\Local\{C0455925-881E-4C43-A641-D0B45F7EA54C}
2011-06-06 20:08 . 2011-06-06 20:08 -------- d-----w- C:\_OTL
2011-06-05 03:36 . 2011-04-14 10:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-05 01:09 . 2011-06-10 14:06 -------- d-----w- c:\program files\World of Warcraft
2011-05-30 07:11 . 2011-05-30 07:11 -------- d-----w- c:\program files\Common Files\Java
2011-05-30 06:13 . 2011-05-30 06:13 -------- d-----w- c:\users\Brad\AppData\Roaming\SUPERAntiSpyware.com
2011-05-30 06:13 . 2011-05-30 06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-30 06:13 . 2011-06-01 09:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-23 08:18 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A25ED064-1345-4550-92D1-4131ACEA652E}\mpengine.dll
2011-05-22 00:23 . 2011-05-22 00:23 -------- d-----w- c:\users\Brad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-05-22 00:21 . 2011-05-22 00:21 -------- d-----w- c:\programdata\EA Core
2011-05-18 08:57 . 2011-05-18 08:57 -------- d-----w- c:\programdata\ATI
2011-05-16 20:29 . 2011-05-16 20:38 -------- d-----w- c:\program files\Dragon Age 2
2011-05-12 18:34 . 2011-05-12 18:34 -------- d-----w- c:\users\Brad\AppData\Local\SKIDROW
2011-05-12 18:07 . 2011-05-12 18:07 -------- d-----w- c:\program files\Valve
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 14:11 . 2009-12-14 03:37 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2009-12-14 03:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 02:43 . 2011-04-20 02:43 7772160 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 02:09 . 2011-04-20 02:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 02:09 . 2010-05-27 17:02 676864 ----a-w- c:\windows\system32\aticfx32.dll
2011-04-20 02:07 . 2011-04-20 02:07 17693184 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:05 . 2011-04-20 02:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:04 . 2011-04-20 02:04 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 02:04 . 2011-04-20 02:04 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 02:02 . 2011-04-20 02:02 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 02:02 . 2011-04-20 02:02 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 02:02 . 2011-04-20 02:02 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:59 . 2010-11-26 02:49 4161536 ----a-w- c:\windows\system32\atidxx32.dll
2011-04-20 01:46 . 2011-04-20 01:46 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 01:46 . 2011-04-20 01:46 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 01:42 . 2011-04-20 01:42 6389760 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 01:40 . 2011-04-20 01:40 1923584 ----a-w- c:\windows\system32\atiumdmv.dll
2011-04-20 01:38 . 2010-03-03 03:46 4286464 ----a-w- c:\windows\system32\atiumdag.dll
2011-04-20 01:30 . 2011-04-20 01:30 4056576 ----a-w- c:\windows\system32\atiumdva.dll
2011-04-20 01:26 . 2010-03-03 03:23 52736 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 01:23 . 2011-04-20 01:23 262144 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 243712 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 01:21 . 2010-11-26 02:15 31232 ----a-w- c:\windows\system32\atiuxpag.dll
2011-04-20 01:21 . 2010-03-03 03:06 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-04-20 01:21 . 2010-03-03 03:06 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2011-04-20 01:20 . 2011-04-20 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-06-01 00:26 . 2011-05-31 18:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_19.40.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-14 02:45 . 2011-06-10 13:02 47558 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-12-14 02:26 . 2011-06-10 13:02 14236 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1455944489-3012744293-3388263478-1000_UserData.bin
- 2011-05-29 14:47 . 2011-06-01 18:12 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-05-29 14:47 . 2011-06-03 17:47 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-06-02 16:03 . 2011-06-02 16:03 36616 c:\windows\System32\config\systemprofile\AppData\Roaming\Adobe\Acrobat\9.0\UserCache.bin
+ 2011-06-03 06:56 . 2011-06-03 06:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011060320110604\index.dat
+ 2011-06-02 16:03 . 2011-06-02 16:03 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011060220110603\index.dat
- 2011-06-01 09:30 . 2011-06-01 09:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011060120110602\index.dat
+ 2011-06-01 09:30 . 2011-06-01 23:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011060120110602\index.dat
- 2009-12-18 09:29 . 2011-05-31 07:52 3542 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-12-18 09:29 . 2011-06-09 07:22 3542 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2011-06-01 12:59 . 2011-06-01 12:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-10 12:59 . 2011-06-10 12:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-10 12:59 . 2011-06-10 12:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-06-01 12:59 . 2011-06-01 12:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2011-06-10 13:02 114848 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-05 03:36 . 2011-04-14 10:08 157472 c:\windows\System32\javaws.exe
- 2009-12-28 18:30 . 2009-12-28 18:30 145184 c:\windows\System32\javaw.exe
+ 2011-06-05 03:36 . 2011-04-14 10:08 145184 c:\windows\System32\javaw.exe
- 2009-12-28 18:30 . 2009-12-28 18:30 145184 c:\windows\System32\java.exe
+ 2011-06-05 03:36 . 2011-04-14 10:08 145184 c:\windows\System32\java.exe
+ 2006-11-02 13:02 . 2011-06-09 21:30 425984 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-01 05:00 . 2011-06-01 12:58 382712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-01 05:00 . 2011-06-10 07:56 382712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-01-23 03:10 . 2011-06-01 12:58 232740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-23 03:10 . 2011-06-10 07:56 232740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-09 19:44 . 2011-06-10 07:56 232740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1455944489-3012744293-3388263478-1000-8192.dat
+ 2011-01-23 03:10 . 2011-06-09 13:36 962488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1455944489-3012744293-3388263478-1000-12288.dat
+ 2011-06-05 03:37 . 2011-06-05 03:37 180224 c:\windows\Installer\2ceca3e.msi
+ 2006-11-02 13:02 . 2011-06-09 21:30 2375680 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2011-06-09 21:30 2457600 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 12:47 . 2011-04-25 19:24 4310276 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2006-11-02 12:47 . 2011-06-09 19:45 4310276 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-07 180224]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvgUninstallURL]
start http: [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2009-06-03 18:19 25600 ----a-w- c:\windows\System32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-28 18:30 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1455944489-3012744293-3388263478-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-03 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-03 72728]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-15 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-11-17 97296]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-03 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-03 72728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\cfre9ha0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-10 09:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-10 09:59:16
ComboFix-quarantined-files.txt 2011-06-10 14:59
ComboFix2.txt 2011-06-01 19:42
.
Pre-Run: 15,452,188,672 bytes free
Post-Run: 15,411,249,152 bytes free
.
- - End Of File - - B7213D9A81B79171DB0669D2BC13A9EB


----------



## eddie5659 (Mar 19, 2001)

Okay, can you do the following things:


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
svchost.exe
shell.exe
:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

---------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post, and if you are using Internet Explorer, when the "File download" pop-up comes up, press SAVE, choose desktop in the list of selections in that window, and press save).

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

------------------

Also, can you run these two tools:


Download *random's system information tool (RSIT)* by *random/random* from *here*.
*It is important that it is saved to your desktop.*
Double click on *RSIT.exe* to run *RSIT*.
Click *Continue* at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both *log.txt* (<<will be maximized) and *info.txt* (<<will be minimized)

--

Please run the MGA Diagnostic Tool and post back the report it shall produce:

Download *MGADiag* to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.

-----------

So, in the next reply, upload or post the following:

SystemLook.txt
ComboFix.txt
log.txt
info.txt
MGA Diagnostic Report


----------



## brad33 (May 31, 2011)

Logfile of random's system information tool 1.08 (written by random/random)
Run by Brad at 2011-06-12 16:55:06
Microsoft® Windows Vista Home Premium Service Pack 2
System drive C: has 14 GB (6%) free of 228 GB
Total RAM: 3325 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:55:20, on 6/12/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Users\Brad\Desktop\RSIT.exe
C:\Program Files\trend micro\Brad.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: dlbt_device - - C:\Windows\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 3916 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2006-12-06 180224]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-05-04 311296]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-19 336384]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-05-29 449584]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-11-10 4240760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvgUninstallURL]
cmd.exe /c start http://www.avg.com/ww.special-unins...AtAEYAOQBNADEAMABCACsAMQA&prod=90&ver=9.0.872 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\Windows\system32\CTXFIHLP.EXE [2009-06-03 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-28 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\Windows\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2011-06-12 16:55:06 ----D---- C:\rsit
2011-06-12 16:55:06 ----D---- C:\Program Files\trend micro
2011-06-12 16:52:06 ----D---- C:\Windows\temp
2011-06-12 16:51:16 ----A---- C:\ComboFix.txt
2011-06-12 16:41:48 ----SHD---- C:\$RECYCLE.BIN
2011-06-12 16:31:58 ----D---- C:\username12328903u
2011-06-10 09:45:56 ----D---- C:\username123
2011-06-09 08:31:15 ----D---- C:\_OTS
2011-06-08 14:43:44 ----A---- C:\Windows\system32\tmp.txt
2011-06-08 14:43:41 ----A---- C:\rapport.txt
2011-06-06 18:32:50 ----A---- C:\Windows\ntbtlog.txt
2011-06-06 15:08:18 ----D---- C:\_OTL
2011-06-04 22:36:48 ----A---- C:\Windows\system32\javaws.exe
2011-06-04 22:36:48 ----A---- C:\Windows\system32\javaw.exe
2011-06-04 22:36:48 ----A---- C:\Windows\system32\java.exe
2011-06-04 22:36:48 ----A---- C:\Windows\system32\deployJava1.dll
2011-06-04 20:09:02 ----D---- C:\Program Files\World of Warcraft
2011-06-03 13:00:01 ----A---- C:\TDSSKiller.2.5.3.0_03.06.2011_13.00.01_log.txt
2011-06-01 14:31:13 ----A---- C:\Windows\zip.exe
2011-06-01 14:31:13 ----A---- C:\Windows\SWSC.exe
2011-06-01 14:31:13 ----A---- C:\Windows\SWREG.exe
2011-06-01 14:31:13 ----A---- C:\Windows\sed.exe
2011-06-01 14:31:13 ----A---- C:\Windows\PEV.exe
2011-06-01 14:31:13 ----A---- C:\Windows\NIRCMD.exe
2011-06-01 14:31:13 ----A---- C:\Windows\MBR.exe
2011-06-01 14:31:13 ----A---- C:\Windows\grep.exe
2011-06-01 14:31:09 ----D---- C:\Windows\ERDNT
2011-06-01 14:31:03 ----D---- C:\Qoobox
2011-05-31 13:36:00 ----D---- C:\Program Files\Mozilla Firefox
2011-05-30 02:11:51 ----D---- C:\ProgramData\Sun
2011-05-30 02:11:50 ----D---- C:\Program Files\Common Files\Java
2011-05-30 01:13:26 ----D---- C:\Users\Brad\AppData\Roaming\SUPERAntiSpyware.com
2011-05-30 01:13:26 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2011-05-30 01:13:14 ----D---- C:\Program Files\SUPERAntiSpyware
2011-05-23 03:17:04 ----A---- C:\Windows\system32\shsvcs.dll
2011-05-21 19:23:10 ----D---- C:\Users\Brad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-05-21 19:21:09 ----D---- C:\ProgramData\EA Core
2011-05-18 03:57:58 ----D---- C:\ProgramData\ATI
2011-05-16 15:29:39 ----D---- C:\Program Files\Dragon Age 2

======List of files/folders modified in the last 1 months======

2011-06-12 16:55:06 ----RD---- C:\Program Files
2011-06-12 16:52:06 ----D---- C:\Windows\system32\drivers
2011-06-12 16:52:06 ----D---- C:\Windows\Prefetch
2011-06-12 16:52:06 ----D---- C:\Windows
2011-06-12 16:41:49 ----A---- C:\Windows\system.ini
2011-06-12 16:41:42 ----D---- C:\Windows\system32\drivers\etc
2011-06-12 16:37:53 ----D---- C:\Windows\System32
2011-06-12 16:37:53 ----D---- C:\Windows\AppPatch
2011-06-12 16:37:52 ----D---- C:\Program Files\Common Files
2011-06-11 03:09:30 ----SHD---- C:\System Volume Information
2011-06-10 09:47:37 ----D---- C:\Windows\system32\catroot2
2011-06-10 00:11:23 ----D---- C:\Users\Brad\AppData\Roaming\Advanced Combat Tracker
2011-06-07 15:28:15 ----D---- C:\Program Files\Warcraft III
2011-06-06 15:08:19 ----D---- C:\ProgramData
2011-06-06 15:04:41 ----SHD---- C:\Windows\Installer
2011-06-04 22:40:44 ----D---- C:\Users\Brad\AppData\Roaming\ProfitUI Reborn Updater
2011-06-04 22:36:43 ----D---- C:\Program Files\Java
2011-06-04 20:19:45 ----D---- C:\ProgramData\Blizzard Entertainment
2011-06-04 20:19:34 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2011-06-04 19:48:37 ----D---- C:\Windows\Minidump
2011-06-01 17:37:39 ----D---- C:\Users\Brad\AppData\Roaming\uTorrent
2011-06-01 16:39:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-06-01 16:39:51 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-06-01 14:41:49 ----D---- C:\Windows\Tasks
2011-05-31 19:29:52 ----D---- C:\Windows\Setup
2011-05-31 18:07:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-05-31 14:22:12 ----D---- C:\Windows\inf
2011-05-31 14:22:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-05-31 13:01:05 ----D---- C:\Windows\system32\wbem
2011-05-31 12:51:45 ----D---- C:\Windows\system32\config
2011-05-31 12:51:32 ----D---- C:\Windows\system32\spool
2011-05-31 12:51:32 ----D---- C:\Windows\system32\Msdtc
2011-05-31 12:51:32 ----D---- C:\Windows\system32\CodeIntegrity
2011-05-31 12:51:32 ----D---- C:\Users\Brad\AppData\Roaming\Winamp
2011-05-31 12:51:32 ----D---- C:\Users\Brad\AppData\Roaming\Ventrilo
2011-05-31 12:51:31 ----D---- C:\ProgramData\SecTaskMan
2011-05-31 12:51:31 ----D---- C:\Program Files\Winamp Detect
2011-05-31 12:51:31 ----D---- C:\Program Files\Winamp
2011-05-31 12:51:28 ----D---- C:\Windows\registration
2011-05-31 00:00:42 ----D---- C:\Users\Brad\AppData\Roaming\Mozilla
2011-05-29 22:34:56 ----D---- C:\Program Files\Reference Assemblies
2011-05-29 15:49:06 ----D---- C:\Windows\ehome
2011-05-29 15:28:51 ----D---- C:\Windows\system32\Tasks
2011-05-29 11:45:28 ----SD---- C:\Users\Brad\AppData\Roaming\Microsoft
2011-05-29 11:22:11 ----D---- C:\Program Files\Internet Explorer
2011-05-29 11:22:08 ----D---- C:\Program Files\WinRAR
2011-05-29 11:22:08 ----D---- C:\Program Files\Windows Mail
2011-05-29 11:22:08 ----D---- C:\Program Files\FileZilla FTP Client
2011-05-29 06:40:41 ----D---- C:\Windows\L2Schemas
2011-05-28 23:44:51 ----D---- C:\Windows\Microsoft.NET
2011-05-25 20:53:37 ----D---- C:\Program Files\dl_Cats
2011-05-23 03:18:56 ----D---- C:\Windows\winsxs
2011-05-23 03:18:42 ----D---- C:\ProgramData\Microsoft Help
2011-05-23 03:15:04 ----D---- C:\Windows\system32\catroot
2011-05-21 19:21:09 ----D---- C:\ProgramData\Electronic Arts
2011-05-18 03:57:45 ----D---- C:\Program Files\ATI Technologies
2011-05-16 15:37:33 ----D---- C:\Program Files\Common Files\BioWare
2011-05-14 03:02:14 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-14 691696]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-19 7772160]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-04-19 243712]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdLH3.sys [2010-11-17 97296]
R3 catchme;catchme; \??\C:\username1235297u\catchme.sys []
R3 CT20XUT.SYS;CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS [2009-06-03 171032]
R3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2009-06-03 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2009-06-03 527512]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\Windows\System32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS; C:\Windows\System32\drivers\CTHWIUT.SYS [2009-06-03 72728]
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2009-06-03 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2009-06-03 158744]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-04-13 228224]
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2009-06-03 95768]
R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2009-06-03 1177624]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-05-29 22712]
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2009-06-03 130072]
S3 af3p4pn0;af3p4pn0; C:\Windows\system32\drivers\af3p4pn0.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-10 93696]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-10 93696]
S3 CFcatchme;CFcatchme; \??\C:\Users\Brad\AppData\Local\Temp\CFcatchme.sys []
S3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL []
S3 CT20XUT;CT20XUT; C:\Windows\system32\drivers\CT20XUT.SYS [2009-06-03 171032]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL []
S3 CTEXFIFX;CTEXFIFX; C:\Windows\system32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL []
S3 CTHWIUT;CTHWIUT; C:\Windows\system32\drivers\CTHWIUT.SYS [2009-06-03 72728]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-04-19 176128]
R2 dlbt_device;dlbt_device; C:\Windows\system32\dlbtcoms.exe [2007-06-07 538096]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.08 2011-06-12 16:55:22

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W 
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->msiexec /qb /x {6421F085-1FAA-DE13-D02A-CFB412C522A4}
Acrobat.com-->MsiExec.exe /I{6421F085-1FAA-DE13-D02A-CFB412C522A4}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -maintain plugin
Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced Combat Tracker (remove only)-->"C:\Program Files\Advanced Combat Tracker\Uninstall.exe"
Age of Empires III - The Asian Dynasties-->C:\Program Files\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe -runfromtemp -l0x0409
Age of Empires III - The WarChiefs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710} 
Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97} 
ATI AVIVO Codecs-->MsiExec.exe /I{67D7D7EB-9330-2884-6EC2-4AB32CC981B5}
ATI Catalyst Install Manager-->msiexec /q/x{71790311-0C42-B5BC-AF01-97BFFEF2A30B} REBOOT=ReallySuppress
ATI Catalyst Registration-->MsiExec.exe /X{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}
ATI Problem Report Wizard-->MsiExec.exe /X{488405CF-0BD3-D35E-13BD-4D71ADE5E401}
ATI Stream SDK v2 Developer-->MsiExec.exe /I{86B247F9-1D5E-CCC6-3280-71486D9A4E70}
Belarc Advisor 8.1-->"C:\PROGRA~1\Belarc\Advisor\Uninstall.exe" "C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG"
Catalyst Control Center - Branding-->MsiExec.exe /I{19A492A0-888F-44A0-9B21-D91700763F62}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Command & Conquer 3-->MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dragon Age II-->"C:\Program Files\Common Files\BioWare\Uninstall Dragon Age 2.exe"
Dragon Age: Origins-->C:\Program Files\Common Files\BioWare\Uninstall Dragon Age.exe
Driver Sweeper 2.1.0-->"C:\Program Files\Phyxion.net\Driver Sweeper\unins000.exe"
EQ2MAP Updater 1.2.4-->C:\Program Files\EQ2MAP Updater\uninst.exe
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
EverQuest II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52358A6F-E412-4C46-8CF8-B425C0D5E8FB}\setup.exe" -l0x9 -removeonly
ffdshow [rev 3128] [2009-11-08]-->"C:\Program Files\ffdshow\unins000.exe"
FileZilla Client 3.3.4.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Fraps (remove only)-->"C:\Program Files\Fraps\uninstall.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HydraVision-->MsiExec.exe /X{D8A8894A-B875-8206-E820-B27BCD72C5A0}
ICQ7.4-->"C:\Program Files\InstallShield Installation Information\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) PRO Network Connections 12.1.11.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel(R) PRO Network Connections 12.1.11.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Java(TM) 6 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
League of Legends-->"C:\Program Files\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly
Magic ISO Maker v5.5 (build 0281)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware version 1.51.0.1200-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mass Effect 2-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect 2.exe
Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Mozilla Firefox 4.0.1 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
OpenAL-->"C:\Program Files\OpenAL\OALInst.exe" /U
Portal 2-->"C:\Program Files\Valve\Portal 2\unins000.exe"
Portal-->C:\Program Files\Portal\uninstall.exe
Security Task Manager 1.8c-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager"
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2466156)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CEF209AB-F96D-404F-B5CC-44057C057CA3}
Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended
Security Update for Microsoft Office Excel 2007 (KB2464583)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {151E2FEA-C3A6-4CB6-BE6B-16651FDF04BE}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x9 /remove
Station Launcher-->"C:\Program Files\InstallShield Installation Information\{49668BEE-D721-449C-82D3-C7561945F706}\setup.exe" -runfromtemp -l0x0009 -removeonly
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
System Requirements Lab-->MsiExec.exe /I{9E1BAB75-EB78-440D-94C0-A3857BE2E733}
The Lord of the Rings Online v03.02.03.8013-->"C:\Program Files\Turbine\The Lord of the Rings Online\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD988F49-E1C8-3C84-9683-0448B6BB8E20} /parameterfolder Client
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Vista TN3270-->"C:\Program Files\TomBrennanSoftware\VistaTN3270\unins000.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======Security center information======

AS: Windows Defender (disabled)
AS: SUPERAntiSpyware (disabled)

======System event log======

Computer Name: Brad-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001AA08AB01E. The following error occurred: 
The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 189931
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20110410114804.000000-000
Event Type: Warning
User:

Computer Name: Brad-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001AA08AB01E. The following error occurred: 
The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 189930
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20110410114512.000000-000
Event Type: Warning
User:

Computer Name: Brad-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001AA08AB01E. The following error occurred: 
The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 189928
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20110410113927.000000-000
Event Type: Warning
User:

Computer Name: Brad-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001AA08AB01E. The following error occurred: 
The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 189922
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20110410112759.000000-000
Event Type: Warning
User:

Computer Name: Brad-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 189821
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20110410105636.699821-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Brad-PC
Event Code: 63
Message: A provider, Ncs2, has been registered in the Windows Management Instrumentation namespace Root\IntelNCS2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 70
Source Name: Microsoft-Windows-WMI
Time Written: 20091214022949.000000-000
Event Type: Warning
User: Brad-PC\Brad

Computer Name: Brad-PC
Event Code: 63
Message: A provider, Ncs2, has been registered in the Windows Management Instrumentation namespace Root\IntelNCS2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 69
Source Name: Microsoft-Windows-WMI
Time Written: 20091214022949.000000-000
Event Type: Warning
User: Brad-PC\Brad

Computer Name: Brad-PC
Event Code: 63
Message: A provider, Ncs2, has been registered in the Windows Management Instrumentation namespace Root\IntelNCS2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 68
Source Name: Microsoft-Windows-WMI
Time Written: 20091214022949.000000-000
Event Type: Warning
User: Brad-PC\Brad

Computer Name: Brad-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 24
Source Name: Microsoft-Windows-Search
Time Written: 20091214042056.000000-000
Event Type: Warning
User:

Computer Name: 26L2233B2-11
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Record Number: 15
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20091214041839.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Brad-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x33adec

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 87505
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110127011522.045523-000
Event Type: Audit Success
User:

Computer Name: Brad-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x33adec
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: HOME-1C4BB26322
Source Network Address: 192.168.2.101
Source Port: 2008

Detailed Authentication Information:
Logon Process: NtLmSsp 
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 87504
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110127011522.039523-000
Event Type: Audit Success
User:

Computer Name: Brad-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x33a57c

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 87503
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110127011505.035523-000
Event Type: Audit Success
User:

Computer Name: Brad-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x33a57c
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: HOME-1C4BB26322
Source Network Address: 192.168.2.101
Source Port: 2002

Detailed Authentication Information:
Logon Process: NtLmSsp 
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 87502
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110127011505.029523-000
Event Type: Audit Success
User:

Computer Name: Brad-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x33a56f

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 87501
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110127011505.018523-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Stream\bin\x86;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\DivX Shared;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"ATISTREAMSDKROOT"=C:\Program Files\ATI Stream\

-----------------EOF-----------------

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Invalid License
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {9F76E3A1-D476-4E40-84DC-9C85DD28A9CE}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.101014-0432
TTS Error: T:20110609144534952-
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_70AFE6BE-656-80070057_E2AD56EA-815-80070057

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{9F76E3A1-D476-4E40-84DC-9C85DD28A9CE}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-1455944489-3012744293-3388263478</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 530</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.3</Version><SMBIOSVersion major="2" minor="5"/><Date>20070712000000.000000+000</Date></BIOS><HWID>A0313507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>FX09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>8823EC461820DB0</Val><Hash>Gw+EeJ9rJseBH9eUhW+rGC2C5gc=</Hash><Pid>81602-OEM-6872856-45748</Pid><PidType>4</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
Software licensing service version: 6.0.6002.18005

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: PAAAAAMABAABAAEAAgADAAAAAQABAAEA6GGEj1z/3HTDt/J7tllk/oj9KDMcIY3v8vRiPUQlqOW6yyqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information: 
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL FX09 
FACP DELL FX09 
HPET DELL FX09 
MCFG DELL FX09 
SLIC DELL FX09 
DMY2 DELL FX09 
SSDT PmRef CpuPm


----------



## eddie5659 (Mar 19, 2001)

Can you run this tool for me:

Please download and run *WVCheck*.

Double-click WVCheck.exe. 
As indicated by the prompt, this program can take a while depending on your hard drive space. 
Once the program is done, copy the contents of the Notepad file as a reply.


----------



## brad33 (May 31, 2011)

Windows Validation Check
Version: 1.9.12.5
Log Created On: 0224_14-06-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows Vista Service Pack 2 
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates automatically, but ask me when I want to install them.
-----------------------
Last Success Time for Update Detection: 2011-06-13 19:10:17
Last Success Time for Update Download: 2011-05-23 08:17:14
Last Success Time for Update Installation: 2011-05-23 08:18:59


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6002.18005_none_5032e2f3f6cc83e3\slwga.dll
Size: 12288 bytes
Creation; 16/7/2010 2:9:11
Modification; 11/4/2009 1:28:24
MD5; da887f28054d78ee8637bebb924a2db5
Matched: slwga.dll
-----------------------
C:\Windows\System32\slwga.dll
Size: 12288 bytes
Creation; 21/1/2011 4:1:53
Modification; 11/4/2009 0:28:26
MD5; da887f28054d78ee8637bebb924a2db5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.slwga.dll.01cb2422f44ec503.007e
Size: 12288 bytes
Creation; 2/11/2006 3:44:14
Modification; 2/11/2006 4:46:13
MD5; b39f1844ad6c656f64acd32caee72caa
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.slwga.dll.01cbb9547d17028d.0052
Size: 12288 bytes
Creation; 17/12/2009 21:8:35
Modification; 19/1/2008 1:36:30
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6000.16386_none_4c10a7ebfcbfa7c3\slwga.dll
Size: 12288 bytes
Creation; 2/11/2006 3:44:14
Modification; 2/11/2006 4:46:13
MD5; b39f1844ad6c656f64acd32caee72caa
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_4e4769e7f9aab897\slwga.dll
Size: 12288 bytes
Creation; 17/12/2009 21:8:35
Modification; 19/1/2008 1:36:30
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6002.18005_none_5032e2f3f6cc83e3\slwga.dll
Size: 12288 bytes
Creation; 21/1/2011 4:1:53
Modification; 11/4/2009 0:28:26
MD5; da887f28054d78ee8637bebb924a2db5
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 75510147b94598407666f4802797c75a


-------- End of File, program close at 0230_14-06-2011 --------


----------



## eddie5659 (Mar 19, 2001)

Okay, can you uninstall these programs. The first is outdated, and the second is not trusted:

*Spybot - Search & Destroy
Security Task Manager*

Then, can you run the attached ComboFix attachment, like you did before, but overwrite the previous file you have with the new one.

--

Also, can you do this for me:


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:file
C:\Windows\system32\drivers\af3p4pn0.sys
C:\Windows\system32\tmp.txt
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

-----


Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"* box on the top of the page:

*C:\Windows\system32\drivers\af3p4pn0.sys*

Click on the *Upload* button
Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

And then do the same for

*C:\Windows\system32\tmp.txt*

---

Thanks

eddie


----------



## brad33 (May 31, 2011)

The online scanner couldn't find the first one and neither did SystemLook as you can see. The second one was found but wouldn't let me upload it.

Edit: I just tried it in safe mode and still got the error.

ComboFix 11-06-14.01 - Brad 06/14/2011 18:49:23.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2321 [GMT -5:00]
Running from: c:\users\Brad\Desktop\username123.exe
Command switches used :: c:\users\Brad\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy\advcheck.dll
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Spybot - Search & Destroy\SpybotSD.exe
c:\programdata\SecTaskMan
c:\programdata\SecTaskMan\_entreelist.dll
c:\programdata\SecTaskMan\_enviewlist.dll
c:\programdata\SecTaskMan\avgssie.dll.q_Quarantine_9250_q.ini
c:\programdata\SecTaskMan\GenericAskToolbar.dll.q_Quarantine_9570_q.ini
c:\programdata\SecTaskMan\jp2ssv.dll.q_Quarantine_C46A320_q
c:\programdata\SecTaskMan\jp2ssv.dll.q_Quarantine_C46A320_q.ini
c:\programdata\SecTaskMan\WindowsLiveLogin.dll.q_Quarantine_4434B386_q
c:\programdata\SecTaskMan\WindowsLiveLogin.dll.q_Quarantine_4434B386_q.ini
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110303-0315.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110303-0341.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110305-1515.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110305-1548.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110307-1542.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110307-1559.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110407-0513.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110407-0543.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110413-0529.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110413-0555.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110529-0301.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110529-0322.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110529-0643.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110529-0703.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110529-0710.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110529-0827.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110531-1351.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110531-1412.txt
c:\programdata\Spybot - Search & Destroy\Logs\Fixes.110305-1704.txt
c:\programdata\Spybot - Search & Destroy\Logs\Fixes.110407-1452.txt
c:\programdata\Spybot - Search & Destroy\Logs\Fixes.110529-0639.txt
c:\programdata\Spybot - Search & Destroy\Logs\Fixes.110529-1145.txt
c:\programdata\Spybot - Search & Destroy\Logs\Fixes.110531-1414.txt
c:\programdata\Spybot - Search & Destroy\Logs\Update downloads.log
c:\programdata\Spybot - Search & Destroy\ProcCache.sbc
c:\programdata\Spybot - Search & Destroy\Recovery\Overview.ini
c:\users\Brad\AppData\Roaming\uTorrent
c:\users\Brad\AppData\Roaming\uTorrent\apps.btapp
c:\users\Brad\AppData\Roaming\uTorrent\apps\DADC6E156485529178AD96DD503321DE39C1BED5.btapp
c:\users\Brad\AppData\Roaming\uTorrent\DA2 DLC Pack 1.02 Setup.exe.torrent
c:\users\Brad\AppData\Roaming\uTorrent\dht.dat
c:\users\Brad\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Brad\AppData\Roaming\uTorrent\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1
c:\users\Brad\AppData\Roaming\uTorrent\dlimagecache\2D78C93EC367E6C1D9894103FA04B3BE5B20A84E
c:\users\Brad\AppData\Roaming\uTorrent\dlimagecache\BBEEC0395D21A2A7F91889D7C7509F3D5D46FC05
c:\users\Brad\AppData\Roaming\uTorrent\Dragon.Age.2-RELOADED.torrent
c:\users\Brad\AppData\Roaming\uTorrent\Portal.2-SKIDROW.torrent
c:\users\Brad\AppData\Roaming\uTorrent\Portal.2.Crack.Fix-SKIDROW.torrent
c:\users\Brad\AppData\Roaming\uTorrent\Portal.zip.torrent
c:\users\Brad\AppData\Roaming\uTorrent\resume.dat
c:\users\Brad\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Brad\AppData\Roaming\uTorrent\rss.dat
c:\users\Brad\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Brad\AppData\Roaming\uTorrent\settings.dat
c:\users\Brad\AppData\Roaming\uTorrent\settings.dat.old
.
.
((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-14 23:56 . 2011-06-14 23:56 -------- d-----w- c:\users\Brad\AppData\Local\temp
2011-06-14 23:56 . 2011-06-14 23:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-14 23:01 . 2011-06-14 23:01 -------- d-----w- c:\users\Brad\AppData\Local\{4D7F67E1-74BF-427B-A5B1-014C9C2C4F3C}
2011-06-14 11:01 . 2011-06-14 11:01 -------- d-----w- c:\users\Brad\AppData\Local\{8BAAEB43-DE68-4CDA-BB1B-EAA9326494A5}
2011-06-13 23:00 . 2011-06-13 23:01 -------- d-----w- c:\users\Brad\AppData\Local\{548CC782-99D2-4589-9F18-147DCAAE4222}
2011-06-13 09:16 . 2011-06-13 09:16 -------- d-----w- c:\users\Brad\AppData\Local\{958A6EDE-4F49-4CDF-A8BC-01961A995A68}
2011-06-12 22:07 . 2011-06-12 22:07 -------- d-----w- C:\MGADiagToolOutput
2011-06-12 22:06 . 2011-06-12 22:06 -------- d-----w- c:\programdata\Office Genuine Advantage
2011-06-12 21:55 . 2011-06-12 21:55 -------- d-----w- C:\rsit
2011-06-12 21:55 . 2011-06-12 21:55 -------- d-----w- c:\program files\trend micro
2011-06-12 21:16 . 2011-06-12 21:16 -------- d-----w- c:\users\Brad\AppData\Local\{0A41369B-BA75-4542-9D6D-C5E9A04CCC4A}
2011-06-11 13:03 . 2011-06-11 13:03 -------- d-----w- c:\users\Brad\AppData\Local\{F522305C-F763-48FE-BC0C-71DF2366DFF7}
2011-06-11 01:03 . 2011-06-11 01:03 -------- d-----w- c:\users\Brad\AppData\Local\{15C67AF7-8C91-4558-9429-7AA064BA4EA4}
2011-06-10 14:45 . 2011-06-10 14:46 -------- d-----w- C:\username123
2011-06-10 13:02 . 2011-06-10 13:02 -------- d-----w- c:\users\Brad\AppData\Local\{6EE280A5-68EB-4FB3-BF50-AE6DBEE4C72D}
2011-06-09 20:02 . 2011-06-09 20:02 -------- d-----w- c:\users\Brad\AppData\Local\{1BD319BC-1F2D-4E30-B1F5-228C8D0C79CF}
2011-06-09 13:31 . 2011-06-09 13:31 -------- d-----w- C:\_OTS
2011-06-09 08:01 . 2011-06-09 08:02 -------- d-----w- c:\users\Brad\AppData\Local\{4E1FD071-19DD-4833-A199-7107C12A44EC}
2011-06-08 20:01 . 2011-06-08 20:01 -------- d-----w- c:\users\Brad\AppData\Local\{C0455925-881E-4C43-A641-D0B45F7EA54C}
2011-06-06 20:08 . 2011-06-06 20:08 -------- d-----w- C:\_OTL
2011-06-05 03:36 . 2011-04-14 10:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-05 01:09 . 2011-06-14 15:34 -------- d-----w- c:\program files\World of Warcraft
2011-05-30 07:11 . 2011-05-30 07:11 -------- d-----w- c:\program files\Common Files\Java
2011-05-30 06:13 . 2011-05-30 06:13 -------- d-----w- c:\users\Brad\AppData\Roaming\SUPERAntiSpyware.com
2011-05-30 06:13 . 2011-05-30 06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-30 06:13 . 2011-06-01 09:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-23 08:18 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A25ED064-1345-4550-92D1-4131ACEA652E}\mpengine.dll
2011-05-22 00:23 . 2011-05-22 00:23 -------- d-----w- c:\users\Brad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-05-22 00:21 . 2011-05-22 00:21 -------- d-----w- c:\programdata\EA Core
2011-05-18 08:57 . 2011-05-18 08:57 -------- d-----w- c:\programdata\ATI
2011-05-16 20:29 . 2011-05-16 20:38 -------- d-----w- c:\program files\Dragon Age 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 14:11 . 2009-12-14 03:37 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2009-12-14 03:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 02:43 . 2011-04-20 02:43 7772160 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 02:09 . 2011-04-20 02:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 02:09 . 2010-05-27 17:02 676864 ----a-w- c:\windows\system32\aticfx32.dll
2011-04-20 02:07 . 2011-04-20 02:07 17693184 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:05 . 2011-04-20 02:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:04 . 2011-04-20 02:04 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 02:04 . 2011-04-20 02:04 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 02:02 . 2011-04-20 02:02 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 02:02 . 2011-04-20 02:02 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 02:02 . 2011-04-20 02:02 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:59 . 2010-11-26 02:49 4161536 ----a-w- c:\windows\system32\atidxx32.dll
2011-04-20 01:46 . 2011-04-20 01:46 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 01:46 . 2011-04-20 01:46 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 01:42 . 2011-04-20 01:42 6389760 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 01:40 . 2011-04-20 01:40 1923584 ----a-w- c:\windows\system32\atiumdmv.dll
2011-04-20 01:38 . 2010-03-03 03:46 4286464 ----a-w- c:\windows\system32\atiumdag.dll
2011-04-20 01:30 . 2011-04-20 01:30 4056576 ----a-w- c:\windows\system32\atiumdva.dll
2011-04-20 01:26 . 2010-03-03 03:23 52736 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 01:23 . 2011-04-20 01:23 262144 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 243712 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 01:21 . 2010-11-26 02:15 31232 ----a-w- c:\windows\system32\atiuxpag.dll
2011-04-20 01:21 . 2010-03-03 03:06 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-04-20 01:21 . 2010-03-03 03:06 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2011-04-20 01:20 . 2011-04-20 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-06-01 00:26 . 2011-05-31 18:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_19.40.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-14 02:45 . 2011-06-14 22:56 48312 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-12-14 02:26 . 2011-06-14 22:56 14878 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1455944489-3012744293-3388263478-1000_UserData.bin
- 2011-05-29 14:47 . 2011-06-01 18:12 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-05-29 14:47 . 2011-06-03 17:47 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-06-02 16:03 . 2011-06-02 16:03 36616 c:\windows\System32\config\systemprofile\AppData\Roaming\Adobe\Acrobat\9.0\UserCache.bin
+ 2011-06-03 06:56 . 2011-06-03 06:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011060320110604\index.dat
+ 2011-06-02 16:03 . 2011-06-02 16:03 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011060220110603\index.dat
- 2011-06-01 09:30 . 2011-06-01 09:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011060120110602\index.dat
+ 2011-06-01 09:30 . 2011-06-01 23:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011060120110602\index.dat
- 2009-12-18 09:29 . 2011-05-31 07:52 3542 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-12-18 09:29 . 2011-06-11 07:31 3542 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2011-06-01 12:59 . 2011-06-01 12:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-14 22:52 . 2011-06-14 22:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-14 22:52 . 2011-06-14 22:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-06-01 12:59 . 2011-06-01 12:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2011-06-14 22:56 115402 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-05 03:36 . 2011-04-14 10:08 157472 c:\windows\System32\javaws.exe
- 2009-12-28 18:30 . 2009-12-28 18:30 145184 c:\windows\System32\javaw.exe
+ 2011-06-05 03:36 . 2011-04-14 10:08 145184 c:\windows\System32\javaw.exe
- 2009-12-28 18:30 . 2009-12-28 18:30 145184 c:\windows\System32\java.exe
+ 2011-06-05 03:36 . 2011-04-14 10:08 145184 c:\windows\System32\java.exe
+ 2006-11-02 13:02 . 2011-06-14 15:55 425984 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-01 05:00 . 2011-06-01 12:58 382712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-01 05:00 . 2011-06-14 22:51 382712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-01-23 03:10 . 2011-06-01 12:58 232740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-23 03:10 . 2011-06-14 22:51 232740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-09 19:44 . 2011-06-14 22:51 900902 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1455944489-3012744293-3388263478-1000-8192.dat
+ 2011-01-23 03:10 . 2011-06-09 13:36 962488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1455944489-3012744293-3388263478-1000-12288.dat
+ 2011-06-05 03:37 . 2011-06-05 03:37 180224 c:\windows\Installer\2ceca3e.msi
+ 2006-11-02 13:02 . 2011-06-14 15:55 2375680 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2011-06-14 15:55 2457600 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 12:47 . 2011-04-25 19:24 4310276 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2006-11-02 12:47 . 2011-06-09 19:45 4310276 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-07 180224]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvgUninstallURL]
start http: [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2009-06-03 18:19 25600 ----a-w- c:\windows\System32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-28 18:30 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1455944489-3012744293-3388263478-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CFcatchme;CFcatchme;c:\users\Brad\AppData\Local\Temp\CFcatchme.sys [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-03 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-03 72728]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-15 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-11-17 97296]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-03 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-03 72728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\cfre9ha0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-14 18:56
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-14 18:57:52
ComboFix-quarantined-files.txt 2011-06-14 23:57
ComboFix2.txt 2011-06-14 23:40
ComboFix3.txt 2011-06-12 21:52
ComboFix4.txt 2011-06-10 14:59
ComboFix5.txt 2011-06-14 23:47
.
Pre-Run: 11,132,198,912 bytes free
Post-Run: 11,083,964,416 bytes free
.
- - End Of File - - CD4791ACAFEE8FA632E8F0081F86A51B

SystemLook 04.09.10 by jpshortstuff
Log created at 19:00 on 14/06/2011 by Brad
Administrator - Elevation successful

========== file ==========

C:\Windows\system32\drivers\af3p4pn0.sys - Unable to find/read file.

C:\Windows\system32\tmp.txt - File found and opened.
MD5: D41D8CD98F00B204E9800998ECF8427E
Created at 19:43 on 08/06/2011
Modified at 19:43 on 08/06/2011
Size: 0 bytes
Attributes: --a----
No version information available.

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, the infection looks like it's gone, but you have these folders being created daily:

c:\users\Brad\AppData\Local\{6EE280A5-68EB-4FB3-BF50-AE6DBEE4C72D}
c:\users\Brad\AppData\Local\{1BD319BC-1F2D-4E30-B1F5-228C8D0C79CF}

etc.

Strangely enough, the first one was there on the 28/05/2011, the same time you had those other two files installed which we removed a while back, and the same day (give or take) as you experienced the problems.

So, I have a feeling it's still there.

--

Okay, can you run this for me:

Please run a free online scan with the *ESET Online Scanner* 
*Note*_: You will need to use Internet Explorer for this scan_
Click *Eset Online Scanner* button.
Tick the box next to *YES, I accept the Terms of Use* 
If it wants to install an Addon, allow it.
If asked, allow the ActiveX control to install 
Click *Start* 
Make sure that the option *Remove found threats* and the option *Scan unwanted applications* are checked 
Click *Scan* (This scan can take several hours, so please be patient) 
Once the scan is completed, you may close the window 
Use *Notepad* to open the logfile located at C:\Program Files\EsetOnlineScanner\*log.txt* 
Copy and paste that log as a reply to this topic 

-----

And then this:

Download *CKScanner* from *here*

*Important :* Save it to your desktop. 

Double-click CKScanner.exe and click *Search For Files*. 
After a very short time, when the cursor hourglass disappears, click *Save List To File*. 
A message box will verify that the file is saved. 
Double-click the *CKFiles.txt* icon on your desktop and copy/paste the contents in your next reply.

----

And then finally this one:


Download *Charon* from *here* 
Double-click the Charon.exe to run the installer
This will now place a ReadMe and the Charon program on your Desktop
Double-click the Charon program, and let it run (it may take a while).
After it's finished, locate the *output.md5* on your Desktop.
Right-click on it and select *Send To* then select *Compressed (zipped) Folder* and upload that zip here


----------
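The recurring-folder observation in the reply above can be checked mechanically. This is an added example, not part of the thread or of ComboFix: it parses the "Files Created" lines of the log, groups GUID-named directories by parent folder, and reports how many days they span and the typical gap between them. The function names and the `min_days` threshold are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime
from ntpath import basename, dirname  # Windows path rules on any OS
from statistics import median

# Lines copied from the "Files Created" section of the ComboFix log in this thread.
SAMPLE_LOG = r"""
2011-06-14 23:01 . 2011-06-14 23:01 -------- d-----w- c:\users\Brad\AppData\Local\{4D7F67E1-74BF-427B-A5B1-014C9C2C4F3C}
2011-06-14 11:01 . 2011-06-14 11:01 -------- d-----w- c:\users\Brad\AppData\Local\{8BAAEB43-DE68-4CDA-BB1B-EAA9326494A5}
2011-06-13 23:00 . 2011-06-13 23:01 -------- d-----w- c:\users\Brad\AppData\Local\{548CC782-99D2-4589-9F18-147DCAAE4222}
2011-06-13 09:16 . 2011-06-13 09:16 -------- d-----w- c:\users\Brad\AppData\Local\{958A6EDE-4F49-4CDF-A8BC-01961A995A68}
2011-06-12 21:55 . 2011-06-12 21:55 -------- d-----w- c:\program files\trend micro
2011-06-12 21:16 . 2011-06-12 21:16 -------- d-----w- c:\users\Brad\AppData\Local\{0A41369B-BA75-4542-9D6D-C5E9A04CCC4A}
2011-06-11 13:03 . 2011-06-11 13:03 -------- d-----w- c:\users\Brad\AppData\Local\{F522305C-F763-48FE-BC0C-71DF2366DFF7}
2011-06-11 01:03 . 2011-06-11 01:03 -------- d-----w- c:\users\Brad\AppData\Local\{15C67AF7-8C91-4558-9429-7AA064BA4EA4}
2011-06-10 13:02 . 2011-06-10 13:02 -------- d-----w- c:\users\Brad\AppData\Local\{6EE280A5-68EB-4FB3-BF50-AE6DBEE4C72D}
2011-06-09 20:02 . 2011-06-09 20:02 -------- d-----w- c:\users\Brad\AppData\Local\{1BD319BC-1F2D-4E30-B1F5-228C8D0C79CF}
2011-06-09 13:31 . 2011-06-09 13:31 -------- d-----w- C:\_OTS
2011-06-09 08:01 . 2011-06-09 08:02 -------- d-----w- c:\users\Brad\AppData\Local\{4E1FD071-19DD-4833-A199-7107C12A44EC}
2011-06-08 20:01 . 2011-06-08 20:01 -------- d-----w- c:\users\Brad\AppData\Local\{C0455925-881E-4C43-A641-D0B45F7EA54C}
2011-06-05 03:36 . 2011-04-14 10:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
"""

# created . modified  size-or-dashes  attributes  path
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>-{8}|\d+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)
GUID_NAME = re.compile(
    r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$"
)


def parse_entries(text):
    """Turn 'Files Created' lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"],
        })
    return entries


def recurring_guid_dirs(entries, min_days=3):
    """Report parents that gained GUID-named folders on at least min_days days."""
    by_parent = defaultdict(list)
    for e in entries:
        if e["is_dir"] and GUID_NAME.match(basename(e["path"])):
            # Windows paths are case-insensitive, so group on the lowercased parent.
            by_parent[dirname(e["path"]).lower()].append(e["created"])

    findings = []
    for parent, stamps in by_parent.items():
        stamps.sort()
        days = {s.date() for s in stamps}
        if len(days) < min_days:
            continue
        gaps = [(b - a).total_seconds() / 3600
                for a, b in zip(stamps, stamps[1:])]
        findings.append({
            "parent": parent,
            "folders": len(stamps),
            "distinct_days": len(days),
            "first_seen": stamps[0],
            # A steady gap is a cue to review scheduled tasks and services.
            "median_gap_hours": median(gaps) if gaps else None,
        })
    return findings


if __name__ == "__main__":
    for finding in recurring_guid_dirs(parse_entries(SAMPLE_LOG)):
        print(finding)
```

The report only shows where and how regularly the folders appear; identifying what creates them still needs the process or task behind that schedule.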



## brad33 (May 31, 2011)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=c5bae8711015f34fa793ad4bd8d637fe
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-16 09:04:29
# local_time=2011-06-16 04:04:29 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 207459 207459 0 0
# compatibility_mode=1024 16777215 100 0 46529229 46529229 0 0
# compatibility_mode=5892 16776573 100 100 1149292 144817107 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=213332
# found=0
# cleaned=0
# scan_time=5490


CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\demigod\bindata\maps\map05\textures\map05_tile_cracked_d.dds
c:\program files\demigod\bindata\maps\map05\textures\map05_tile_cracked_n.dds
c:\program files\demigod\bindata\maps\map05\textures\map05_tile_cracked_s.dds
c:\program files\demigod\bindata\maps\map05\textures\map05_top_crackmask.dds
c:\qoobox\quarantine\c\users\brad\appdata\roaming\utorrent\portal.2.crack.fix-skidrow.torrent.vir
c:\users\brad\desktop\mom's stuff\my documents\my music\hootie & the blowfish\cracked rear view\desktop.ini
c:\users\brad\downloads\dragon age 1.02 crack working.zip
c:\users\brad\downloads\mass effect crack galaxy map fix.rar
c:\users\brad\downloads\dragon age 1.02 crack working\daorigins.exe
c:\users\brad\downloads\dragon age 1.02 crack working\fah.exe
c:\users\brad\downloads\dragon age 1.02 crack working\instructions.txt
c:\users\brad\downloads\mass effect crack galaxy map fix\mass effect crack galaxy map fix\masseffect-gmfix\masseffect.exe
c:\users\brad\downloads\mass.effect.proper-reloaded\rld-mass\rld-mass\crack\masseffect.exe
c:\users\brad\downloads\mass.effect.proper-reloaded\rld-mass\rld-mass\crack\rld-mekg.exe
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf.rar
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf.sfv
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\launcher.exe
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\portal2.exe
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\skidrow.ini
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\skidrow.nfo
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\steamclient.dll
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\portal2\bin\client.dll
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\portal2\bin\server.dll
scanner sequence 3.ZZ.11
----- EOF -----


----------



## eddie5659 (Mar 19, 2001)

Okay, the md5 list is nice and clean but having these may be the source of the problems:



> c:\program files\demigod\bindata\maps\map05\textures\map05_tile_cracked_d.dds
> c:\program files\demigod\bindata\maps\map05\textures\map05_tile_cracked_n.dds
> c:\program files\demigod\bindata\maps\map05\textures\map05_tile_cracked_s.dds
> c:\program files\demigod\bindata\maps\map05\textures\map05_top_crackmask.dds
> ...


Cracks/Keygens are a major source of viruses and malware, so I would suggest we remove these.

If you do decide to keep them, it's up to you, but this is how to remove them:

Please *download* *OTM* 

 *Save* it to your *desktop*. 
 Please double-click *OTM* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*). 
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
c:\program files\demigod\bindata\maps\map05\textures\map05_tile_cracked_d.dds
c:\program files\demigod\bindata\maps\map05\textures\map05_tile_cracked_n.dds
c:\program files\demigod\bindata\maps\map05\textures\map05_tile_cracked_s.dds
c:\program files\demigod\bindata\maps\map05\textures\map05_top_crackmask.dds
c:\qoobox\quarantine\c\users\brad\appdata\roaming\utorrent\portal.2.crack.fix-skidrow.torrent.vir
c:\users\brad\desktop\mom's stuff\my documents\my music\hootie & the blowfish\cracked rear view\desktop.ini
c:\users\brad\downloads\dragon age 1.02 crack working.zip
c:\users\brad\downloads\mass effect crack galaxy map fix.rar
c:\users\brad\downloads\dragon age 1.02 crack working\daorigins.exe
c:\users\brad\downloads\dragon age 1.02 crack working\fah.exe
c:\users\brad\downloads\dragon age 1.02 crack working\instructions.txt
c:\users\brad\downloads\mass effect crack galaxy map fix\mass effect crack galaxy map fix\masseffect-gmfix\masseffect.exe
c:\users\brad\downloads\mass.effect.proper-reloaded\rld-mass\rld-mass\crack\masseffect.exe
c:\users\brad\downloads\mass.effect.proper-reloaded\rld-mass\rld-mass\crack\rld-mekg.exe
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf.rar
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf.sfv
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\launcher.exe
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\portal2.exe
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\skidrow.ini
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\skidrow.nfo
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\steamclient.dll
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\portal2\bin\client.dll
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\portal2\bin\server.dll
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[CREATERESTOREPOINT] 
[EMPTYFLASH] 
[Reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button. 
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply. 
Close *OTM* and reboot your PC. 
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post

--------

Other than that, it's showing clean. Can you run this as an extra cleanup:

Please download *Runscanner* to your desktop and run it.

When the first page comes up select *Beginner Mode*
On the next page select *Save a binary .Run file (Recommended)* then click *Start full scan* at the top.
At this time Runscanner.exe may request *access to the Internet* through your firewall; please allow it to do so. It will then run for two or three minutes.
On completion it will ask for a location to save the file and a name. It will do this for both the *.run file* and the *log file*
Call the .run file *"RSReport"* and save it to your desktop. You will see the *RSReport.run* file on your desktop. Right-click on it and select *Send To* then select *Compressed (zipped) Folder* and upload that zip here. Click on the *Go Advanced* button for the uploading options at the bottom of this page.

In there, at the bottom, click on the button *Manage Attachments*.
A window will appear, and then Browse to *RSReport.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*
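The CKScanner list discussed in this post mixes crack executables and archives with files that only contain the word inside a longer one (game textures named `cracked`, an album folder called "cracked rear view"). The following is an added example, not part of the original post and not CKScanner's own logic: a triage pass that separates the two. The keyword and extension sets and the verdict names are assumptions chosen for this sketch.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample: a subset of the CKScanner hits quoted in the thread,
# plus one path with no keyword to exercise the fall-through case.
SAMPLE_HITS = r"""
c:\program files\demigod\bindata\maps\map05\textures\map05_tile_cracked_d.dds
c:\program files\demigod\bindata\maps\map05\textures\map05_top_crackmask.dds
c:\users\brad\desktop\mom's stuff\my documents\my music\hootie & the blowfish\cracked rear view\desktop.ini
c:\users\brad\downloads\dragon age 1.02 crack working.zip
c:\users\brad\downloads\dragon age 1.02 crack working\daorigins.exe
c:\users\brad\downloads\dragon age 1.02 crack working\instructions.txt
c:\users\brad\downloads\mass.effect.proper-reloaded\rld-mass\rld-mass\crack\rld-mekg.exe
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\steamclient.dll
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\skidrow.nfo
c:\users\brad\documents\notes.txt
""".strip().splitlines()

# Assumed keyword and extension sets for this example; the scanner's real
# matching rules are not documented in the thread.
KEYWORDS = ("crack", "keygen")
RUNNABLE = {".exe", ".dll", ".scr", ".com", ".bat", ".msi"}
ARCHIVES = {".zip", ".rar", ".7z"}


def keyword_match(path):
    """Return 'token' if a keyword is a whole word somewhere in the path,
    'substring' if it only occurs inside a longer word, else None."""
    lowered = path.lower()
    tokens = set(re.split(r"[^a-z0-9]+", lowered))
    if any(k in tokens for k in KEYWORDS):
        return "token"
    if any(k in lowered for k in KEYWORDS):
        return "substring"
    return None


def classify(path):
    """Assign one of four verdicts to a flagged path."""
    match = keyword_match(path)
    ext = PureWindowsPath(path).suffix.lower()
    if match is None:
        return "no-keyword"
    if match == "substring":
        # e.g. 'cracked' or 'crackmask': the name merely contains the word
        return "name-collision"
    if ext in RUNNABLE or ext in ARCHIVES:
        # code or a container of code inside a crack-named location
        return "review-first"
    # readme/nfo/ini files that sit inside a crack-named folder
    return "flagged-folder-data"


def triage(paths):
    """Return (verdict, path) pairs for every non-empty input line."""
    return [(classify(p), p) for p in paths if p.strip()]


def summary(paths):
    """Count how many paths received each verdict."""
    return Counter(verdict for verdict, _ in triage(paths))


if __name__ == "__main__":
    for verdict, path in sorted(triage(SAMPLE_HITS)):
        print(f"{verdict:20} {path}")
    print(dict(summary(SAMPLE_HITS)))
```

A `name-collision` verdict only says the keyword match is weak; it is not evidence that the file is clean.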


----------



## brad33 (May 31, 2011)

All processes killed
Error: Unable to interpret < > in the current context!
========== FILES ==========
c:\program files\demigod\bindata\maps\map05\textures\map05_tile_cracked_d.dds moved successfully.
c:\program files\demigod\bindata\maps\map05\textures\map05_tile_cracked_n.dds moved successfully.
c:\program files\demigod\bindata\maps\map05\textures\map05_tile_cracked_s.dds moved successfully.
c:\program files\demigod\bindata\maps\map05\textures\map05_top_crackmask.dds moved successfully.
File/Folder c:\qoobox\quarantine\c\users\brad\appdata\roaming\utorrent\portal.2.crack.f ix-skidrow.torrent.vir not found.
c:\users\brad\desktop\mom's stuff\my documents\my music\hootie & the blowfish\cracked rear view\desktop.ini moved successfully.
c:\users\brad\downloads\DRAGON AGE 1.02 CRACK WORKING.zip moved successfully.
c:\users\brad\downloads\Mass Effect Crack Galaxy Map Fix.rar moved successfully.
c:\users\brad\downloads\dragon age 1.02 crack working\daorigins.exe moved successfully.
c:\users\brad\downloads\dragon age 1.02 crack working\FAH.exe moved successfully.
c:\users\brad\downloads\dragon age 1.02 crack working\Instructions.txt moved successfully.
c:\users\brad\downloads\mass effect crack galaxy map fix\mass effect crack galaxy map fix\masseffect-gmfix\MassEffect.exe moved successfully.
c:\users\brad\downloads\mass.effect.proper-reloaded\rld-mass\rld-mass\crack\MassEffect.exe moved successfully.
c:\users\brad\downloads\mass.effect.proper-reloaded\rld-mass\rld-mass\crack\rld-mekg.exe moved successfully.
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf.rar moved successfully.
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf.sfv moved successfully.
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\Launcher.exe moved successfully.
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\portal2.exe moved successfully.
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\Skidrow.ini moved successfully.
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\skidrow.nfo moved successfully.
DllUnregisterServer procedure not found in c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\Steamclient.dll
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\Steamclient.dll moved successfully.
LoadLibrary failed for c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\portal2\bin\client.dll
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\portal2\bin\client.dll moved successfully.
LoadLibrary failed for c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\portal2\bin\server.dll
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\portal2\bin\server.dll moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Brad
->Temp folder emptied: 492812 bytes
->Temporary Internet Files folder emptied: 12757515 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 483182207 bytes
->Flash cache emptied: 10819 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65907 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 88071398 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 558.00 mb

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.18.0 log created on 06162011_162145

Files moved on Reboot...

Registry entries deleted on Reboot...

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : BRAD-PC
Creation time : 6/16/2011 16:31:04
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.6002.18005
OS : Windows Vista (TM) Home Premium
OS Build : 6002
OS SP : Service Pack 2
RunScanner Version : 2.0.0.50
User Language : English (United States)
User rights : Administrator
Windows folder : C:\Windows

Running processes
-----------------
* C:\Windows\System32\atieclxx.exe (AMD)
* C:\Windows\System32\atiesrxx.exe (AMD)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Windows\System32\dwm.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe (Advanced Micro Devices, Inc.)
* C:\Windows\System32\lsass.exe (Microsoft Corporation)
* C:\Windows\System32\lsm.exe (Microsoft Corporation)
* C:\Windows\System32\SLsvc.exe (Microsoft Corporation)
* C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
* C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
* C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
* C:\Windows\notepad.exe (Microsoft Corporation)
* C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
* C:\Windows\System32\dlbtcoms.exe ( )
* C:\Users\Brad\Desktop\runscanner.exe (Runscanner.net)
* C:\Windows\System32\services.exe (Microsoft Corporation)
* C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
* C:\Windows\System32\taskeng.exe (Microsoft Corporation)
* C:\Windows\System32\taskeng.exe (Microsoft Corporation)
* C:\Windows\system32\audiodg.exe (Microsoft Corporation)
* C:\Windows\explorer.exe (Microsoft Corporation)
* C:\Windows\System32\winlogon.exe (Microsoft Corporation)
* C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
* C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
* C:\Windows\System32\smss.exe (Microsoft Corporation)
* C:\Windows\System32\wininit.exe (Microsoft Corporation)
* C:\Windows\System32\wuauclt.exe (Microsoft Corporation)
* C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)

Unrated items
-------------
002 C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
002 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
002 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
010 C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module)
011 C:\Windows\System32\Drivers\sptd.sys (sptd)
031 C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) {6318E0AB-2E93-11D1-B8ED-00608CC9A71F}
042 GUID / CLSID not found {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
042 GUID / CLSID not found {92780B25-18CC-41C8-B9BE-3C9C571A8263}
061 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
061 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll (Advanced Micro Devices, Inc.) {5E2121EE-0300-11D4-8D3B-444553540000}
061 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll (Advanced Micro Devices, Inc.) {872A9397-E0D6-4e28-B64D-52B8D0A7EA35}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
105 E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
173 GUID / CLSID not found {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
173 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
173 C:\Program Files\MagicISO\misosh.dll (MagicISO, Inc.) {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
173 GUID / CLSID not found
173 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 GUID / CLSID not found {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
221 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
221 C:\Program Files\MagicISO\misosh.dll (MagicISO, Inc.) {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
221 GUID / CLSID not found
221 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 GUID / CLSID not found {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
225 GUID / CLSID not found {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
225 C:\Program Files\MagicISO\misosh.dll (MagicISO, Inc.) {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
225 C:\Program Files\MagicISO\misosh.dll (MagicISO, Inc.) {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
227 C:\Program Files\MagicISO\misosh.dll (MagicISO, Inc.) {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
227 GUID / CLSID not found
227 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
229 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll (Advanced Micro Devices, Inc.) {5E2121EE-0300-11D4-8D3B-444553540000}
251 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
251 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
254 C:\Program Files\FileZilla FTP Client\fzshellext.dll {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}

Missing files
-------------
011 c:\windows\system32\drivers\AtiHdmi.sys
011 c:\windows\system32\drivers\blbdrive.sys
011 C:\username12327232u\catchme.sys
011 C:\Users\Brad\AppData\Local\Temp\CFcatchme.sys
011 c:\windows\system32\CT20XUT.DLL
011 c:\windows\system32\CTEXFIFX.DLL
011 c:\windows\system32\CTHWIUT.DLL
011 c:\windows\system32\DRIVERS\ipinip.sys
011 C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
011 c:\windows\system32\DRIVERS\nwlnkflt.sys
011 c:\windows\system32\DRIVERS\nwlnkfwd.sys
032 rdpclip
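The OTM results at the top of this post can be checked against the fix script that produced them, so that every path in `:Files` has a confirmed outcome. This is an added example, not part of the original post and not OldTimer's code; the line patterns are inferred from the log text shown in the thread, and the function names are hypothetical.

```python
import re

# Excerpts copied from the fix script and the OTM results in this thread,
# shortened to five entries. The sample is constructed in one respect: the
# final "client.dll moved successfully." line is left out on purpose to
# show the "no result" case.
SCRIPT = r"""
:Files
c:\program files\demigod\bindata\maps\map05\textures\map05_top_crackmask.dds
c:\qoobox\quarantine\c\users\brad\appdata\roaming\utorrent\portal.2.crack.fix-skidrow.torrent.vir
c:\users\brad\downloads\dragon age 1.02 crack working.zip
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\steamclient.dll
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\portal2\bin\client.dll
:Commands
[resethosts]
[Reboot]
"""

RESULTS = r"""
All processes killed
Error: Unable to interpret < > in the current context!
========== FILES ==========
c:\program files\demigod\bindata\maps\map05\textures\map05_top_crackmask.dds moved successfully.
File/Folder c:\qoobox\quarantine\c\users\brad\appdata\roaming\utorrent\portal.2.crack.f ix-skidrow.torrent.vir not found.
c:\users\brad\downloads\DRAGON AGE 1.02 CRACK WORKING.zip moved successfully.
DllUnregisterServer procedure not found in c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\Steamclient.dll
c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\Steamclient.dll moved successfully.
LoadLibrary failed for c:\users\brad\downloads\portal.2.crack.fix-skidrow\sr-port2cf\portal2\bin\client.dll
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
MISSING = re.compile(r"^File/Folder (?P<path>.+) not found\.$")
SECTION = re.compile(r"^=+ (?P<name>\w+) =+$")


def norm(path):
    """Comparison key: lower-cased with all whitespace removed.

    The log changes letter case, and pasted text can gain a stray space
    inside a long path. Trade-off: two paths that differ only by spaces
    would collide, which is acceptable for a reconciliation report."""
    return re.sub(r"\s+", "", path).lower()


def script_paths(script):
    """Return the paths listed under the :Files directive."""
    paths, in_files = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            paths.append(line)
    return paths


def parse_results(log):
    """Return ({normalised path: outcome}, [error lines]) from an OTM log."""
    outcome, errors, section = {}, [], None
    for line in log.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        if line.startswith("Error:"):
            errors.append(line)
            continue
        if section != "FILES":
            continue  # the Hosts move under COMMANDS is not a script path
        if (m := MISSING.match(line)):
            outcome[norm(m.group("path"))] = "not found"
        elif (m := MOVED.match(line)):
            outcome[norm(m.group("path"))] = "moved"
        # DllUnregisterServer / LoadLibrary lines are notes, not outcomes
    return outcome, errors


def reconcile(script, log):
    """Map every script path to 'moved', 'not found' or 'no result'."""
    outcome, errors = parse_results(log)
    report = {p: outcome.get(norm(p), "no result") for p in script_paths(script)}
    return report, errors


if __name__ == "__main__":
    report, errors = reconcile(SCRIPT, RESULTS)
    for path, status in report.items():
        print(f"{status:10} {path}")
    for err in errors:
        print("log error:", err)
```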


----------



## eddie5659 (Mar 19, 2001)

Just about to create a fix when something caught my eye in the log. I'll have to check this out, so will be back soon


----------



## eddie5659 (Mar 19, 2001)

Okay, looks like it's all okay 

Before I run the RunScanner fix, are you still having problems with Chkdsk and Windows wanting to be activated, or are there any other problems?

eddie


----------



## brad33 (May 31, 2011)

CHKDSK has stopped running when I reboot and has been gone for a while now. My only problems right now are Windows wanting to be activated and the Reference Assemblies folder being corrupt and unreadable. Anytime I do a scan of any sort, it will come up with an error saying that folder is corrupt.


----------



## eddie5659 (Mar 19, 2001)

Okay, let's see if we can sort these things out 

For the activation, see if re-activating helps:

http://support.microsoft.com/kb/940315

We need to make sure the activation works, as the Reference Assemblies is a download, that Windows will maybe check to see if you're using an activated pc.

Let me know 

eddie


----------



## brad33 (May 31, 2011)

I still cannot activate it. It won't let me put in the right characters for the key and when I tried the online activation it just hangs saying Windows validation in process.


----------



## eddie5659 (Mar 19, 2001)

Are you logging in as an Admin?

Just reading the above link and it says:



> What you will need
> You must be logged on to Windows as an administrator in order to activate Windows Vista. To verify that you are logged on to Windows with a user account that is a computer administrator, visit the following Microsoft Web site:
> http://support.microsoft.com/gp/admin
> In order to activate your copy of Windows Vista, you may need your valid product key. You can locate the product key on the Windows Vista CD sleeve or on the Windows Vista CD case.
> ...


----------



## eddie5659 (Mar 19, 2001)

May have an answer for you, as it looks like it's a common thing. Is this a Dell pc?


----------



## brad33 (May 31, 2011)

Yes it is a Dell.


----------



## eddie5659 (Mar 19, 2001)

Okay, let's see if this works for you:


Open up Windows Explorer.
Navigate to the C:\Windows\System32 folder
Find the file *cmd.exe*
Right Click on the cmd.exe and select *Run as Administrator*
Type the following, it may take a while so make sure you enter all the parts, with spaces etc:

*cscript slmgr.vbs -rilc*

Hit the Enter key. It may say something like License reinstall successful.
Reboot 2 times (it may only require one reboot, each pc can be different).

When you reboot there should be a screen saying that there was a change to the license and that the Product key needs to be entered. It should be either on your manual/disk, or probably stuck to the computer itself. Type that in, and it should get you to Windows as normal.

Then, when it's back, can you re-run the MGADiag.exe tool and post the results 

eddie


----------



## brad33 (May 31, 2011)

Windows is now activated, thanks. It turns out the cd key on the cd's case wasn't the right one. It was the one on the computer's case that worked.


----------



## eddie5659 (Mar 19, 2001)

Excellent :up:

I was going to reply last night, but after working late, I fell asleep when I got home, just after I ate 

Did you need to do the above, or was it just a case of looking at the case?

Either way, let's look at the Assemblies now 

Now, does it say which Assemblies are having problems, as there are more than one version?

If not, we'll start with re-installing one version, then the relevant Service Packs, then see how that goes.

Okay, so firstly I'll list what you currently have:

*"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended*

So, let's start with 1.1

Go here:

http://www.microsoft.com/download/en/details.aspx?id=26

and download and install the Version 1.1. You're basically re-installing the program on top of the existing one, as if there are any corrupt files, these will be replaced with fresh ones.

Reboot and see if that still causes problems.

eddie


----------



## brad33 (May 31, 2011)

Hmm it still shows it as corrupt.


----------



## eddie5659 (Mar 19, 2001)

Oki doki, onto the next one 

*Framework 3.5*

http://www.microsoft.com/downloads/en/details.aspx?familyid=333325fd-ae52-4e35-b531-508d977d32a6

And then after that's installed, this is the service pack:

http://www.microsoft.com/download/en/details.aspx?id=25150


----------



## brad33 (May 31, 2011)

I got an error when I tried it and I didn't download the service pack yet.


----------



## eddie5659 (Mar 19, 2001)

What was the error that you got?


----------



## brad33 (May 31, 2011)

It extracts the files and then has me accept the user agreement but at the bottom of that it shows the download size as 0 bytes. I hit I agree and it starts to download the files but it finishes instantly because there was nothing to download and then it just says Setup Error.


----------



## eddie5659 (Mar 19, 2001)

Okay, just before we carry on, I've had another look at the versions you have installed, and according to the OTL logs, you don't have version 3.0 installed.

Now, this may be the reason for the error, as OTL shows you having these folders:

*File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0*

So, lets double-check what you have installed.

Can you start HijackThis, but click *Config* and then *Misc Tools*.
Scroll down and click on *Open Uninstall Manager*.
Click on *Save List* and save the *uninstall_list.txt* to your Desktop.
Copy/paste the contents here.


----------



## brad33 (May 31, 2011)

Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
Advanced Combat Tracker (remove only)
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
ATI AVIVO Codecs
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Problem Report Wizard
ATI Stream SDK v2 Developer
Belarc Advisor 8.1
Catalyst Control Center - Branding
CCleaner
Charon 1.0.4.1
Command & Conquer 3
Creative MediaSource 5
D3DX10
Dell Resource CD
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
Dragon Age II
Dragon Age: Origins
Driver Sweeper 2.1.0
EQ2MAP Updater 1.2.4
ESET Online Scanner v3
EVEREST Home Edition v2.20
EverQuest II
ffdshow [rev 3128] [2009-11-08]
FileZilla Client 3.3.4.1
Fraps (remove only)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HydraVision
ICQ7.4
Intel(R) PRO Network Connections 12.1.11.0
Intel(R) PRO Network Connections 12.1.11.0
Java(TM) 6 Update 25
League of Legends
Magic ISO Maker v5.5 (build 0281)
Malwarebytes' Anti-Malware version 1.51.0.1200
Mass Effect
Mass Effect 2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
OpenAL
Portal
Portal 2
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Sound Blaster X-Fi
Station Launcher
SUPERAntiSpyware
System Requirements Lab
The Lord of the Rings Online v03.02.03.8013
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Vista TN3270
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warcraft III
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Messenger
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR archiver
World of Warcraft


----------



## eddie5659 (Mar 19, 2001)

Okay, we have a tool to verify if the versions of .Net that you have installed are corrupt or not.

So, can you download the attached zip file, then Extract the contents to a new folder.

Then, run the tool. A box will appear, select *Yes* and then *Yes* again.

The tool will extract a few files, and then will look like this:

Now, to determine which is actually showing any problems, can you select each one in turn from the drop down list, and then click *Verify Now*.

And then let me know what the *Current Status* is for each.

For example, this is 1.1 SP1 on my pc:

Which failed. That's because I don't have SP1 installed. But, for .Net SP2 it passed, as I have it installed:

So, if you let me know what happens with each, as if a version fails but it's on your installed list, we can look at that one further


----------



## brad33 (May 31, 2011)

1.1 SP1 failed
2.0 SP2 succeeded
3.0 SP2 failed. This one had the balloon pop up in the bottom right saying the folder was corrupt.
3.5 SP1 failed. This one also had the balloon pop up but the rest of these didn't.
4 Client succeeded
4 Full succeeded


----------



## eddie5659 (Mar 19, 2001)

Okay, looks like we may be onto something 

So, let's create a restore point before we go ahead..

1. Open System by clicking the *Start* button, clicking Control Panel, clicking *System and Maintenance*, and then clicking *System*.

2. In the left pane, click *System Protection*. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

3. Click the *System Protection* tab, and then click *Create*.

Call it something like 'Net reinstall'

4. In the *System Protection* dialog box, type a description, and then click *Create*.

----

We'll try the version 3.0 first, as the 3.5 may be showing as corrupt due to the older version being corrupt.

Firstly, we need to uninstall the older 3.0, so go to AddRemove programs via the Control Panel, and uninstall *.NET Framework 3.0*.

If it's still not showing, then just go ahead with the following.

Now, we'll get the initial install:

http://www.microsoft.com/download/en/details.aspx?id=31

Make sure you download from the top, under Quick Details. When you click it, select Save, and pop it onto your Desktop. It should only be about 2MB. You'll need to be connected to the internet when you run the program.

Let me know how that goes to start with.

eddie


----------



## brad33 (May 31, 2011)

Error message during the setup of that.

You must use "Turn Windows features on or off" in the Control Panel to install or configure Microsoft .NET Framework 3.0.


----------



## brad33 (May 31, 2011)

Well I found where to turn it off but it's taking several minutes so I will check it in the morning.


----------



## eddie5659 (Mar 19, 2001)

Sorry I wasn't here yesterday, had to stay a lot later at work than I thought, so home quite late 

Any news on the install?


----------



## brad33 (May 31, 2011)

It still did not work once I found that option and tried to uncheck the NET framework folder because it gives me an error when I try to uncheck that box.


----------



## eddie5659 (Mar 19, 2001)

Okay, I'm going to grab someone else, as they may know what else to try 

Back in a bit....


----------



## eddie5659 (Mar 19, 2001)

Okay, let's see if this helps:

Please download *JavaRa* to your desktop and unzip it to its own folder 

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. 
Accept any prompts. 
Open JavaRa.exe again and select *Search For Updates*. 
Select *Update Using Sun Java's Website* then click Search and click on the *Open Webpage* button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Then, when that's done, download and install Microsoft .NET Framework 3.5 Service Pack 1:

http://www.microsoft.com/download/en/details.aspx?id=22


----------



## brad33 (May 31, 2011)

Worked fine up to the .NET framework part. I tried uninstalling and it encountered an error. I tried Repair and it encountered an error. Those were the only two options I had.


----------



## eddie5659 (Mar 19, 2001)

Did it ask to uninstall previous versions when you tried to install the .NET, or were you uninstalling via Add/Remove Programs?


----------



## brad33 (May 31, 2011)

It came up with two options, Repair and Uninstall. Neither one of them worked.


----------



## brad33 (May 31, 2011)

[07/13/11,19:34:22] Microsoft .NET Framework 3.5 'package': [2] Error: Installation failed for component Microsoft .NET Framework 3.5 'package'. MSI returned error code 1603
[07/13/11,19:34:31] WapUI: [2] DepCheck indicates Microsoft .NET Framework 3.5 'package' is not installed.
[07/13/11,19:35:31] Microsoft .NET Framework 3.5 'package': [2] Error: Installation failed for component Microsoft .NET Framework 3.5 'package'. MSI returned error code 1603
[07/13/11,19:35:42] WapUI: [2] DepCheck indicates Microsoft .NET Framework 3.5 'package' is not installed.
[07/14/11,08:00:03] Microsoft .NET Framework 3.5 'package': [2] Error: Installation failed for component Microsoft .NET Framework 3.5 'package'. MSI returned error code 1603
[07/14/11,08:00:13] WapUI: [2] DepCheck indicates Microsoft .NET Framework 3.5 'package' is not installed.
[07/14/11,08:43:22] Microsoft .NET Framework 3.5 'package': [2] Error: Installation failed for component Microsoft .NET Framework 3.5 'package'. MSI returned error code 1603
[07/14/11,08:43:34] WapUI: [2] DepCheck indicates Microsoft .NET Framework 3.5 'package' is not installed.
[07/14/11,08:49:47] Microsoft .NET Framework 3.5 'package': [2] Error: Installation failed for component Microsoft .NET Framework 3.5 'package'. MSI returned error code 1603
[07/14/11,08:49:57] WapUI: [2] DepCheck indicates Microsoft .NET Framework 3.5 'package' is not installed.
[07/14/11,08:59:16] Microsoft .NET Framework 3.5 'package': [2] Error: Installation failed for component Microsoft .NET Framework 3.5 'package'. MSI returned error code 1603
[07/14/11,08:59:31] WapUI: [2] DepCheck indicates Microsoft .NET Framework 3.5 'package' is not installed.
[07/14/11,09:13:39] Microsoft .NET Framework 3.5 'package': [2] Error: Installation failed for component Microsoft .NET Framework 3.5 'package'. MSI returned error code 1601


----------



## eddie5659 (Mar 19, 2001)

Okay, just asking someone else about this, so in the meantime, can you do this. The log may be very large, so upload it as an attachment.

Using SystemLook again, as you did before, can you use this code instead:


```
:dir
C:\Program Files\Reference Assemblies /s
```
eddie


----------



## brad33 (May 31, 2011)

SystemLook 04.09.10 by jpshortstuff
Log created at 17:53 on 14/07/2011 by Brad
Administrator - Elevation successful

========== dir ==========

C:\Program Files\Reference Assemblies - Unable to find folder.

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Wasn't expecting that 

When the message comes up about the corrupt folder, can you post the screenshot, so I can see what it looks like?

eddie


----------



## eddie5659 (Mar 19, 2001)

Having a think on this whilst I wait for the reply, and maybe running an sfc scan may help 

Okay, let's try this:

Go to start | Run and type this in:

*cmd*

And press Enter

Now, in the box that pops up, type the following. Note the space before the /:

*sfc /scannow*

And press Enter.

This will scan your system for any corrupted files, and may replace them. If Windows was preinstalled, it should be able to locate the originals in the cab files.

If not, you're looking for the Windows XP disk, that should have the product ID number on it. Don't type the number here, it's just so you know which one to look for.

It may take a while, so grab a cuppa 

Let me know if there are any problems/questions.

eddie


----------



## brad33 (May 31, 2011)

Windows Resource Protection could not perform the requested operation.

It made it 85% through the verification phase.


----------



## eddie5659 (Mar 19, 2001)

Okay, let's see if we can see what's stopping it.

Open up Windows Explorer, and navigate to this folder:

*C:\Windows\Logs\CBS*

Inside you should see the *CBS.log* file.

Upload it here, as it can be very big.

-----------

If the folder is hidden, then try this first, then see if it's there:

Set Explorer to view Hidden Files and Folders:

In Windows Explorer, select *Tools* from the menu.
Select Folder Options
Select the View tab
Make sure *Show Hidden Files and Folders* is ticked
Select *Apply* | *Yes* and then *OK*.

eddie


----------



## brad33 (May 31, 2011)

That file is 19,000 KB and the max file size for a log file is 500 KB


----------



## eddie5659 (Mar 19, 2001)

Okay, let's see if this helps.

Go to Start | Run and type *cmd* and press Enter.
In the command prompt, type the following, or copy/paste it if you can:

*findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt*

and press Enter.

Now, close the Command Prompt, and on your desktop should be the sfcdetails.txt

Is it possible for you to upload that?

eddie
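
An added example, not part of the original post: the `findstr /c:"[SR]"` filter above keeps only the System File Checker lines of CBS.log, and this Python script does the same and then reports how far the scan got and which files it flagged. The sample log lines are constructed, and the message prefixes the script keys on (`Verifying`, `Verify complete`, `Cannot repair`, `corrupted`) are assumed from typical SFC output rather than taken from this thread.

```python
import re

# Constructed sample in the general shape of CBS.log lines (not from the thread).
SAMPLE_CBS_LOG = """\
2011-07-16 10:01:02, Info                  CBS    Starting TrustedInstaller initialization.
2011-07-16 10:01:05, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2011-07-16 10:01:05, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2011-07-16 10:01:09, Info                  CSI    00000009 [SR] Verify complete
2011-07-16 10:01:10, Info                  CSI    0000000a [SR] Verifying 100 (0x00000064) components
2011-07-16 10:01:10, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
2011-07-16 10:01:12, Info                  CSI    0000000d [SR] Cannot repair member file [l:24{12}]"settings.ini" of Example-Component, Version = 6.0.6002.18005, file is missing
2011-07-16 10:01:14, Info                  CSI    0000000f [SR] Verify complete
2011-07-16 10:01:15, Info                  CSI    00000010 [SR] Verifying 100 (0x00000064) components
2011-07-16 10:01:15, Info                  CSI    00000011 [SR] Beginning Verify and Repair transaction
2011-07-16 10:01:16, Error                 CSI    00000012 (constructed non-[SR] line)
"""

# timestamp, level, source, 8-hex-digit sequence number, then the [SR] message
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), '
    r'(?P<level>\w+)\s+(?P<source>\w+)\s+(?P<seq>[0-9a-fA-F]{8}) '
    r'\[SR\] (?P<msg>.*)$'
)

# Assumed wording of the SFC messages that indicate a damaged or unrepairable file.
PROBLEM_MARKERS = ("Cannot repair", "corrupted")


def sr_entries(text):
    """Return the [SR] lines as dicts; same literal match as findstr /c:"[SR]"."""
    entries = []
    for line in text.splitlines():
        if "[SR]" not in line:
            continue
        match = SR_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def summarize(text):
    """Count verify batches and collect the files SFC reported as damaged."""
    started = completed = 0
    open_batch = False
    problems = []
    last_ts = None
    for entry in sr_entries(text):
        msg = entry["msg"]
        last_ts = entry["ts"]
        if msg.startswith("Verifying "):
            started += 1
            open_batch = True
        elif msg.startswith("Verify complete"):
            completed += 1
            open_batch = False
        elif any(marker in msg for marker in PROBLEM_MARKERS):
            problems.append({
                "ts": entry["ts"],
                "files": re.findall(r'"([^"]*)"', msg),  # quoted path/name parts
                "msg": msg,
            })
    return {
        "batches_started": started,
        "batches_completed": completed,
        # True when the log ends inside a batch, i.e. the scan aborted mid-way
        "stopped_mid_batch": open_batch,
        "last_sr_timestamp": last_ts,
        "problems": problems,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_CBS_LOG)
    print("batches:", report["batches_completed"], "of", report["batches_started"])
    print("stopped mid-batch:", report["stopped_mid_batch"],
          "at", report["last_sr_timestamp"])
    for problem in report["problems"]:
        print(problem["ts"], problem["files"])
```

When a scan aborts part-way, the non-`[SR]` lines that follow `last_sr_timestamp` in the full CBS.log are the ones to read next.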


----------



## brad33 (May 31, 2011)

That seemed to work.


----------



## eddie5659 (Mar 19, 2001)

Looks okay to me, so let's just delve a bit deeper to see what may have caused the stopping of SFC.

Also, do you have any screensavers on? Also, can you check here, and let me know what it's set to:

Control Panel | Display. Screen Saver tab.

Under Monitor Power, click on the button for Power.

What is the Hard Disks set for?

-----

Please download *MBRCheck.exe* to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:



> Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type *N* and press *Enter*. A report will be produced on the desktop. Post that report in your next reply.

eddie


----------



## brad33 (May 31, 2011)

Screen Saver after 10 minutes, Monitor off after 20 and the hard disk after 20 minutes also.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line: 
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 530
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 145):
0x81E0E000 \SystemRoot\system32\ntkrnlpa.exe
0x821C8000 \SystemRoot\system32\hal.dll
0x8040A000 \SystemRoot\system32\kdcom.dll
0x80411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80481000 \SystemRoot\system32\PSHED.dll
0x80492000 \SystemRoot\system32\BOOTVID.dll
0x8049A000 \SystemRoot\system32\CLFS.SYS
0x804DB000 \SystemRoot\system32\CI.dll
0x8060A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80686000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80693000 \SystemRoot\System32\Drivers\spyw.sys
0x80786000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8078F000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807B5000 \SystemRoot\system32\drivers\acpi.sys
0x80600000 \SystemRoot\system32\drivers\msisadrv.sys
0x805BB000 \SystemRoot\system32\drivers\pci.sys
0x805E2000 \SystemRoot\System32\drivers\partmgr.sys
0x805F1000 \SystemRoot\system32\drivers\volmgr.sys
0x8A80D000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A857000 \SystemRoot\system32\drivers\pciide.sys
0x8A85E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8A86C000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A87C000 \SystemRoot\system32\drivers\atapi.sys
0x8A884000 \SystemRoot\system32\drivers\ataport.SYS
0x8A8A2000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A8D4000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A8E4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AA04000 \SystemRoot\system32\drivers\ndis.sys
0x8AB0F000 \SystemRoot\system32\drivers\msrpc.sys
0x8AB3A000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AC06000 \SystemRoot\System32\drivers\tcpip.sys
0x8ACF0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AE03000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AF13000 \SystemRoot\system32\drivers\volsnap.sys
0x8AF4C000 \SystemRoot\System32\Drivers\spldr.sys
0x8AF54000 \SystemRoot\System32\Drivers\mup.sys
0x8AF63000 \SystemRoot\System32\drivers\ecache.sys
0x8AF8A000 \SystemRoot\system32\drivers\disk.sys
0x8AF9B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AFBC000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AFE5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AFF0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8AD0B000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x8EA01000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8AD4B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F1BF000 \SystemRoot\System32\drivers\watchdog.sys
0x8A955000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8AB75000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x8F1CB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8ABB0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F1D6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E60D000 \SystemRoot\system32\drivers\ctaud2k.sys
0x8E68D000 \SystemRoot\system32\drivers\portcls.sys
0x8E6BA000 \SystemRoot\system32\drivers\drmk.sys
0x8E6DF000 \SystemRoot\system32\drivers\ks.sys
0x8E709000 \SystemRoot\system32\drivers\ctoss2k.sys
0x8E73E000 \SystemRoot\system32\drivers\ctprxy2k.sys
0x8E746000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8E751000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E769000 \SystemRoot\System32\Drivers\a0cbskqz.SYS
0x8E7A2000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F408000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F449000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F454000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F46B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F476000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F499000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F4A8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F4BC000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F4D1000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F4E1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F4EC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F4F7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F4F9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F503000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F510000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x93C09000 \SystemRoot\system32\drivers\ha20x2k.sys
0x93D2C000 \SystemRoot\system32\drivers\emupia2k.sys
0x93D5C000 \SystemRoot\system32\drivers\ctsfm2k.sys
0x8F545000 \SystemRoot\system32\drivers\ctac32k.sys
0x93D85000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x93D96000 \SystemRoot\System32\drivers\CTHWIUT.SYS
0x93DAB000 \SystemRoot\System32\drivers\CT20XUT.SYS
0x93E09000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
0x93F50000 \SystemRoot\system32\drivers\AtihdLH3.sys
0x93F6B000 \SystemRoot\system32\drivers\HdAudio.sys
0x93FAA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x93FB3000 \SystemRoot\System32\Drivers\Null.SYS
0x93FBA000 \SystemRoot\System32\Drivers\Beep.SYS
0x93FCA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x93FD1000 \SystemRoot\System32\drivers\vga.sys
0x93FDD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x93E00000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x93DD7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x93FC1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x93DE7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x93DEF000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F5E1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F5EC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x93DF7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E7D1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x93C00000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8E7E7000 \SystemRoot\system32\DRIVERS\smb.sys
0x94003000 \SystemRoot\System32\DRIVERS\netbt.sys
0x94035000 \SystemRoot\system32\drivers\afd.sys
0x9407D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x94093000 \SystemRoot\system32\DRIVERS\netbios.sys
0x940A1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x940B4000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x940D6000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x940DC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x94118000 \SystemRoot\system32\drivers\nsiproxy.sys
0x94122000 \SystemRoot\System32\Drivers\dfsc.sys
0x94139000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x94142000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9414F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9415A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9B890000 \SystemRoot\System32\win32k.sys
0x94162000 \SystemRoot\System32\drivers\Dxapi.sys
0x9416C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9BAB0000 \SystemRoot\System32\TSDDD.dll
0x9BAD0000 \SystemRoot\System32\cdd.dll
0x81404000 \SystemRoot\system32\drivers\spsys.sys
0x814B4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x814C4000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x814EE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x814F8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8150B000 \SystemRoot\system32\drivers\HTTP.sys
0x81578000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x81595000 \SystemRoot\system32\DRIVERS\bowser.sys
0x815AE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x815C3000 \SystemRoot\system32\drivers\mrxdav.sys
0x9419E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x941BD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x815E4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA2005000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA202D000 \SystemRoot\System32\DRIVERS\srv.sys
0xA207C000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA2085000 \SystemRoot\system32\drivers\peauth.sys
0xA2163000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA216D000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2179000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA21A1000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x774C0000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 50):
0 System Idle Process
4 System
380 C:\Windows\System32\smss.exe
496 csrss.exe
576 C:\Windows\System32\wininit.exe
584 csrss.exe
620 C:\Windows\System32\services.exe
632 C:\Windows\System32\lsass.exe
640 C:\Windows\System32\lsm.exe
752 C:\Windows\System32\winlogon.exe
832 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\atiesrxx.exe
1040 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\audiodg.exe
1260 C:\Windows\System32\SLsvc.exe
1304 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\atieclxx.exe
1524 C:\Windows\System32\svchost.exe
1788 C:\Windows\System32\spoolsv.exe
1812 C:\Windows\System32\svchost.exe
2036 C:\Windows\System32\dwm.exe
276 C:\Windows\System32\taskeng.exe
312 C:\Windows\explorer.exe
1464 C:\Windows\System32\dlbtcoms.exe
2076 C:\Windows\System32\svchost.exe
2100 C:\Windows\System32\svchost.exe
2132 C:\Windows\System32\svchost.exe
2292 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2396 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2408 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2416 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2432 C:\Program Files\Windows Media Player\wmpnscfg.exe
2588 C:\Windows\System32\SearchIndexer.exe
2672 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2952 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3000 C:\Program Files\Windows Media Player\wmpnetwk.exe
3436 C:\Program Files\Windows Live\Contacts\wlcomm.exe
3532 C:\Windows\System32\svchost.exe
2316 C:\Windows\System32\taskeng.exe
616 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
3944 C:\Windows\System32\wuauclt.exe
5308 C:\Program Files\Sony\EverQuest II\EverQuest2.exe
3132 C:\Program Files\Mozilla Firefox\firefox.exe
5984 C:\Program Files\Mozilla Firefox\plugin-container.exe
5968 C:\Windows\explorer.exe
6108 C:\Users\Brad\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03f00000

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.ADG 

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


----------



## eddie5659 (Mar 19, 2001)

Okay, let's look at one of the files shown:

Using SystemLook as you did before, can you run with the following code, and post the details:


```
:file
C:\Windows\System32\Drivers\a0cbskqz.SYS
```
--

Also, can you do a scan as well:


Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"* box on the top of the page:

*C:\Windows\System32\Drivers\a0cbskqz.SYS*

Click on the *Upload* button
Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.


----------



## brad33 (May 31, 2011)

SystemLook 04.09.10 by jpshortstuff
Log created at 13:45 on 06/08/2011 by Brad
Administrator - Elevation successful

========== file ==========

C:\Windows\System32\Drivers\a0cbskqz.SYS - Unable to find/read file.

-= EOF =-


The online virus scan seems to be down or something.


----------



## eddie5659 (Mar 19, 2001)

Okay, I'll have a look at that when I get home, as yesterday I had a migraine, so still a bit groggy 

In the meantime, try this:

*Vista-System File Checker:*

You may require your Vista DVD for the below.


Click on *Start* (Vista Orb).
Click on *All Programs* >> *Accessories*
Right click on *Command Prompt* and select *Run as Administrator*.
Click on *Continue* in the *UAC* prompt.
At the *Command Prompt* _*C:\Windows\System32>*_ type in the following exactly:
*CD C:\*
Then depress the *Enter/Return* key, then type in the following exactly:
*sfc /scannow*
Then depress the *Enter/Return* key.
*Note:* This may take a while to finish. When completed close the *Administrator Command Prompt* window, via typing *Exit* then depress the *Enter/Return* key.


----------



## brad33 (May 31, 2011)

Still gives the same error


----------



## eddie5659 (Mar 19, 2001)

Nuts 

I'm away on holiday from the 12th to 19th August, so will see what I can do before I go 

Okay, can you go back to the Power options again, and put the Screen Saver to None, and Hard Disks to Never.

Apply and OK.


Now, try the SFC scan again, the latest one you ran, as it's via the Admin account.


----------



## brad33 (May 31, 2011)

Stopped at 85% again


----------



## eddie5659 (Mar 19, 2001)

Okay, I'm asking a few others about this, but in the meantime, can you try SFC in SafeMode?

---

Also, looking at the Corrupt Assemblies again, as that may be causing some problems. So, looking at that area, I see that you have these installed in your Add/Remove Programs list:

*Microsoft .NET Framework 4 Extended
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01*

Now, I'm going to ignore the .net ones for now, so that leaves us with:

*Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148*

Now, as these may be linked to .Net file use, one of these may be corrupt. However, if you can try the SFC in safe mode, if that works, that could be the one. If not, and I'll start creating it now just in case, I'll post a reply based on the above installations.

eddie


----------



## brad33 (May 31, 2011)

It stopped at 85% in safe mode too.


----------



## eddie5659 (Mar 19, 2001)

I'm away from tomorrow for a week, but someone may be dropping in, to see if they can help 

-----

Okay, let's try this:

Firstly, go to Windows Update to see if there are any updates for your system, as we never know, one of them may solve this.

If still no joy, then do the following:

Firstly, create a restore point, just to be safe:

1. Open System by clicking the *Start* button, clicking Control Panel, clicking *System and Maintenance*, and then clicking *System*.

2. In the left pane, click *System Protection*. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

3. Click the *System Protection* tab, and then click *Create*.

Call it something like 'Net reinstall'

4. In the *System Protection* dialog box, type a description, and then click *Create*.

---

The first one we'll try is this one:

*Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148*

As that has both the Runtime and Redistributable entries in the Add/Remove Programs list.

So, firstly go to Add/Remove Programs and uninstall the entries for these:

*Microsoft Visual C++ 2008 Redistributable
Visual C++ 2008 x86 Runtime*

Reboot and then go here for the new download:

http://www.microsoft.com/download/e...T.mc_id=MSCOM_EN_US_DLC_DETAILS_121LSUS007998

And install.

Do the Corrupt Assemblies messages still appear?

eddie


----------



## Dakeyras (Nov 27, 2008)

Hi. 

Just to let you know I'll be providing assistance whilst eddie5659 is away. So please carry out the last set of instructions posted when ready, thank you.


----------



## eddie5659 (Mar 19, 2001)

Hi Dakeyras

Thanks for popping in, but I see no replies since I went away 

Back now, back in oh so coldish England, away from 29°C Poland 

Any news Brad?


----------



## eddie5659 (Mar 19, 2001)

Hi, as this was a long thread, any news on the above?


----------



## brad33 (May 31, 2011)

Still corrupt


----------



## eddie5659 (Mar 19, 2001)

So the installation of 

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

didn't work? Okay, will look at the others when I get home


----------



## eddie5659 (Mar 19, 2001)

Okay, let's try the next one:

Firstly, create a restore point, just to be safe:

1. Open System by clicking the *Start* button, clicking Control Panel, clicking *System and Maintenance*, and then clicking *System*.

2. In the left pane, click *System Protection*. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

3. Click the *System Protection* tab, and then click *Create*.

Call it something like '2Net reinstall'

4. In the *System Protection* dialog box, type a description, and then click *Create*.

---

The second one we'll try is this one:

*Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319*

So, firstly go to Add/Remove Programs and uninstall the entry for this:

*Microsoft Visual C++ 2010 x86 Redistributable*

Reboot and then go here for the new download:

http://www.microsoft.com/download/en/details.aspx?id=5555

And install.

Let me know how it goes 

eddie


----------



## brad33 (May 31, 2011)

That one worked.


----------



## eddie5659 (Mar 19, 2001)

Excellent, is it all okay now, has the error stopped appearing?


----------



## brad33 (May 31, 2011)

The Reference Assemblies folder is still corrupt.


----------



## eddie5659 (Mar 19, 2001)

Okay, will have a big read up on this tomorrow, and have some ideas, but need to see what we've already tried.

And I'm pretty sure you've already answered this, but can you write word for word what the error says, or does it just say Corrupt Reference Assemblies?

eddie


----------



## brad33 (May 31, 2011)

C:\Program Files\Reference Assemblies is not accessible.

The file or directory is corrupted and unreadable.


----------



## eddie5659 (Mar 19, 2001)

Okay, I know it used to say about the Chkdsk on startup, but this may fix the corrupt folder:

Try this: click *Start*>>*Run*, type *cmd*, click *Ok*.

In the Command Prompt type *chkdsk /f* click *Enter*

There is a space between k and /f

Or Click Start>>All Programs>>Accessories>>Command Prompt

You will be asked if you want a check disk to run on next startup; click *Y* and then press *Enter*

Restart your PC

It will run in 5 sections; please do not interrupt it, let it finish.

eddie


----------



## eddie5659 (Mar 19, 2001)

Re-opened as user returned


----------



## eddie5659 (Mar 19, 2001)

Posting contents of the bootex.log:

+ System

- Provider

[ Name] Microsoft-Windows-Wininit 
[ Guid] {206f6dea-d3c5-4d10-bc72-989f03c8b84b} 
[ EventSourceName] Wininit

- EventID 1001

[ Qualifiers] 16384

Version 0

Level 4

Task 0

Opcode 0

Keywords 0x80000000000000

- TimeCreated

[ SystemTime] 2012-01-06T23:47:35.000Z

EventRecordID 46509

Correlation

- Execution

[ ProcessID] 0 
[ ThreadID] 0

Channel Application

Computer Brad-PC

Security

- EventData

Checking file system on C: The type of the file system is NTFS. One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue. Windows will now check the disk. 264192 file records processed. 1222 large file records processed. 0 bad file records processed. 0 EA records processed. 43 reparse records processed. The file reference 0xc00000003dcd0 of index entry 1324326426[1].htm of index $I30 with parent 0x3d784 is not the same as 0xd00000003dcd0. Deleting index entry 1324326426[1].htm in index $I30 of file 251780. The file reference 0xc00000003dcd0 of index entry 132432~1.HTM of index $I30 with parent 0x3d784 is not the same as 0xd00000003dcd0. Deleting index entry 132432~1.HTM in index $I30 of file 251780. 329218 index entries processed. 0 unindexed files processed. 264192 security descriptors processed. Cleaning up 1016 unused index entries from index $SII of file 0x9. Cleaning up 1016 unused index entries from index $SDH of file 0x9. Cleaning up 1016 unused security descriptors. 32514 data files processed. CHKDSK is verifying Usn Journal... 37478360 USN bytes processed. Usn Journal verification completed. Windows has checked the file system and found no problems. 233588735 KB total disk space. 222079304 KB in 217733 files. 124740 KB in 32515 indexes. 0 KB in bad sectors. 383923 KB in use by the system. 65536 KB occupied by the log file. 11000768 KB available on disk. 4096 bytes in each allocation unit. 58397183 total allocation units on disk. 2750192 allocation units available on disk. Internal Info: 00 08 04 00 94 d1 03 00 4b d5 06 00 00 00 00 00 ........K....... e4 5a 00 00 2b 00 00 00 00 00 00 00 00 00 00 00 .Z..+........... 42 00 00 00 52 73 b3 77 50 84 27 00 50 7c 27 00 B...Rs.wP.'.P|'. Windows has finished checking your disk. Please wait while your computer restarts. Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. 
Windows will now check the disk. 264192 file records processed. 1222 large file records processed. 0 bad file records processed. 0 EA records processed. 43 reparse records processed. 329218 index entries processed. 0 unindexed files processed. 264192 security descriptors processed. 32514 data files processed. CHKDSK is verifying Usn Journal... 37478576 USN bytes processed. Usn Journal verification completed. Windows has checked the file system and found no problems. 233588735 KB total disk space. 222079312 KB in 217734 files. 124740 KB in 32515 indexes. 0 KB in bad sectors. 383923 KB in use by the system. 65536 KB occupied by the log file. 11000760 KB available on disk. 4096 bytes in each allocation unit. 58397183 total allocation units on disk. 2750190 allocation units available on disk. Internal Info: 00 08 04 00 95 d1 03 00 4c d5 06 00 00 00 00 00 ........L....... e4 5a 00 00 2b 00 00 00 00 00 00 00 00 00 00 00 .Z..+........... 42 00 00 00 52 73 71 77 50 84 3d 00 50 7c 3d 00 B...RsqwP.=.P|=. Windows has finished checking your disk. Please wait while your computer restarts.


----------



## eddie5659 (Mar 19, 2001)

That looks like it may have found the problems, does it still say it's corrupt?


----------



## brad33 (May 31, 2011)

Yes


----------



## eddie5659 (Mar 19, 2001)

Okay, had a long read through this thread, so let's look at some things.

Can you use SystemLook with the following script:


```
:filefind
*drprovs*
:regfind
HKEY_CURRENT_USER\SOFTWARE\XFFNHFHAM /sub
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN /sub
HKEY_LOCAL_MACHINE\SOFTWARE\XFFNHFHAM\ /sub
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\6 /sub
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\9 /sub
HKEY_CURRENT_USER\SOFTWARE\XFFNHFHAM\DFO /sub
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\6 /sub
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\9 /sub
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\WZOSJZBVJH /sub
HKEY_LOCAL_MACHINE\SOFTWARE\XFFNHFHAM\DFO /sub
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS /sub
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\SERVICES\EVENTLOG\APPLICATION\ESENT\CATEGORYCOUNT /sub
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\SERVICES\EVENTLOG\APPLICATION\ESENT\CATEGORYMESSAGEFILE /sub
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\SERVICES\EVENTLOG\APPLICATION\ESENT\EVENTMESSAGEFILE /sub
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\SERVICES\EVENTLOG\APPLICATION\ESENT\TYPESSUPPORTED /sub
```
And post the log.

Then, can you go to Windows Update to see if there are any updates, either critical or non-critical:

http://www.windowsupdate.microsoft.com

eddie


----------



## brad33 (May 31, 2011)

SystemLook 04.09.10 by jpshortstuff
Log created at 13:25 on 14/01/2012 by Brad
Administrator - Elevation successful

========== filefind ==========

Searching for "*drprovs*"
No files found.

========== regfind ==========

Searching for "HKEY_CURRENT_USER\SOFTWARE\XFFNHFHAM /sub"
No data found.

Searching for "HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN /sub"
No data found.

Searching for "HKEY_LOCAL_MACHINE\SOFTWARE\XFFNHFHAM\ /sub"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\6 /sub"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\9 /sub"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\XFFNHFHAM\DFO /sub"
No data found.

Searching for "HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\6 /sub"
No data found.

Searching for "HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\9 /sub"
No data found.

Searching for "HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\WZOSJZBVJH /sub"
No data found.

Searching for "HKEY_LOCAL_MACHINE\SOFTWARE\XFFNHFHAM\DFO /sub"
No data found.

Searching for "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS /sub"
No data found.

Searching for "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\SERVICES\EVENTLOG\APPLICATION\ESENT\CATEGORYCOUNT /sub"
No data found.

Searching for "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\SERVICES\EVENTLOG\APPLICATION\ESENT\CATEGORYMESSAGEFILE /sub"
No data found.

Searching for "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\SERVICES\EVENTLOG\APPLICATION\ESENT\EVENTMESSAGEFILE /sub"
No data found.

Searching for "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\SERVICES\EVENTLOG\APPLICATION\ESENT\TYPESSUPPORTED /sub"
No data found.

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, let's have a try with the .NET Framework cleanup tool from here:

http://blogs.msdn.com/b/astebner/archive/2008/08/28/8904493.aspx

If you scroll down to *Download location*, there are two to choose from.

After running the tool, post the logs and let me know if that solves the corrupt error. You may need a reboot after.

eddie


----------



## brad33 (May 31, 2011)

Hey, I finally broke down and started over with Windows 7. Thanks for all the help with getting rid of all of those viruses. I even fixed a Google redirect virus for someone in my family with that rootkit killer!


----------



## eddie5659 (Mar 19, 2001)

Seems a shame, but we had cleared out the malware a while back, it was just that blasted corrupt error popping up that was driving me mad.

Good to hear you solved someone else's problem as well.

If ever you have any other questions/problems, don't hesitate in asking.

Take care

eddie


----------

