Jump to content

Acme1970

Members
  • Content Count

    16
  • Joined

  • Last visited

About Acme1970

  • Rank
    Member
  1. I recently bought a new Modem because my old one was acting screwy (took up to 3 tries to connect at start-up, would reboot at random times), I don't think it's the new Modem itself because my ISP sent out a tech and he switched out my Modem for the same make and model (He also changed out the fittings in the box outside the house) but still the Internet is slow and erratic, But there is something kinda strange that happened when i first hooked up the Modem and Windows attemped to install it, It chose a new Network all on it's own (Network 7) as opposed to using the Network i always used (Network 4), The funny thing is Network 7 doesn't have an Internet connection and when i diagnosed the problem it reverts back to Network 4, Now i don't understand why i need a Network at all considering i don't have a Router or Wi-Fi as i only have one Computer, The ISP wire comes straight from the wall into the Modem and into my system via an Ethernet cable, Occasionally the modem goes back to Network 7 and i have to diagnose again, Is there some way to get rid of this mysterious Network 7, My DL speed is supposed to be 50Mbps but sometimes it drops down to 15, Sometimes to 35, Sometimes as high as 60, Webpages that used to take maybe 3 seconds to load now take 10-15 seconds yet some load instantly, I tried uninstalling the adapter, Flushing the DNS, I scanned the system using MS Security Essentials and Malewarebytes and there were no threats, The only thing i did besides installing a new Modem was to update Windows on May 29th, I booted up in Safe Mode with Networking and it was still slow, I'm running Windows 7 (64 bit), the Modem is a Cisco DPC3010, The adapter is a Realtek PCIe GBE Family Controller.
  2. I tried to do the Repair Install but it ended up being a full system reinstall, My Vista CD that came with the computer was more of a recovery CD, on the plus side however i can now update windows & everything seems to be working, Thank you very much for all you help
  3. I ran the scan using an admin command prompt & it said their were some corrupted files that it could not repair but it wouldn't let me view the log to see which files were corrupted, I typed in the command exactly as it was on the Microsoft support page but nothing happened.
  4. And heres the Checkup file Results of screen317's Security Check version 0.99.18 Windows Vista (UAC is enabled) Out of date service pack!! Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Ad-Aware Malwarebytes' Anti-Malware WinCleaner OneClick Professional Clean Version 11 Wise Registry Cleaner 5.9.4 Adobe Flash Player ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe Ad-Aware AAWService.exe is disabled! Ad-Aware AAWTray.exe is disabled! Microsoft Security Essentials msseces.exe Microsoft Security Client Antimalware MsMpEng.exe ``````````End of Log````````````
  5. Heres the 2 DDS files . DDS (Ver_2011-06-23.01) - NTFSAMD64 Internet Explorer: 8.0.6001.19088 Run by Alienware Area51 at 14:51:10 on 2011-07-27 . ============== Running Processes =============== . C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Users\Alienware Area51\Desktop\dds.com . ============== Pseudo HJT Report =============== . uStart Page = about:blank BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: %SYSTEMROOT%\system32\BfLLR.dll Trusted Zone: microsoft.com\update DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 TCP: Interfaces\{A2743B86-4CB8-41FC-A345-7A674018B1C4} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Hosts: 192.168.254.2 mykillernic . ============= SERVICES / DRIVERS =============== . R? AGWinService;AG Windows Service R? ahcix64;ahcix64 R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64 R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86 R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64 R? cpuz130;cpuz130 R? dump_wmimmc;dump_wmimmc R? ENTECH64;ENTECH64 R? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service R? Lavasoft Kernexplorer;Lavasoft helper driver R? NisDrv;Microsoft Network Inspection System R? NisSrv;Microsoft Network Inspection R? npggsvc;nProtect GameGuard Service R? PerfHost;Performance Counter DLL Host R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0 R? wwEngineSvc;Window Washer Engine S? Killer Port Manager;Killer Port Manager S? Lbd;Lbd S? MpFilter;Microsoft Malware Protection Driver S? MpNWMon;Microsoft Malware Protection Network Driver S? mv61xx;mv61xx S? Nv834x64;Killer NIC Gaming Adapter Service S? NvEdge64;Killer NIC NDIS-Edge Service S? yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller . =============== File Associations =============== . JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2011-07-27 16:05:55 -------- d-----w- C:\Users\Alienware Area51\AppData\Local\ElevatedDiagnostics 2011-07-27 15:37:20 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{65AF290E-0B56-4114-8CB8-D703EAE3C6FD}\mpengine.dll 2011-07-27 08:13:44 -------- d-----w- C:\HostsXpert 2011-07-27 07:44:09 -------- d-----w- C:\Program Files (x86)\Wise Registry Cleaner 2011-07-27 01:35:58 -------- d-sh--w- C:\$RECYCLE.BIN 2011-07-27 01:32:50 -------- d-----w- C:\Users\Alienware Area51\AppData\Local\temp 2011-07-27 01:23:58 98816 ----a-w- C:\Windows\sed.exe 2011-07-27 01:23:58 518144 ----a-w- C:\Windows\SWREG.exe 2011-07-27 01:23:58 256000 ----a-w- C:\Windows\PEV.exe 2011-07-27 01:23:58 208896 ----a-w- C:\Windows\MBR.exe 2011-07-26 19:20:47 388096 ----a-r- C:\Users\Alienware Area51\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-07-26 18:45:11 -------- d-----w- C:\68c21fdeff6e3e202e 2011-07-26 16:57:37 -------- d-----w- C:\badc405d54d3060dc7f159 2011-07-26 16:54:31 -------- d-----w- C:\957f869c0f36ee4fbcaae671a956 2011-07-26 16:52:26 -------- d-----w- C:\Windows\System32\catroot2 2011-07-02 06:10:32 200216 ----a-w- C:\Windows\SysWow64\bfLLR.dll 2011-07-02 06:10:32 119296 ----a-w- C:\Windows\SysWow64\instLLR.exe 2011-07-02 06:06:18 127008 ----a-w- C:\Windows\System32\drivers\Nv834x64.sys 2011-07-02 06:06:17 26656 ----a-w- C:\Windows\System32\drivers\NvEdge64.sys 2011-07-01 15:39:07 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys 2011-07-01 15:37:42 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys 2011-07-01 15:37:35 -------- d-----w- C:\Program Files (x86)\Lavasoft 2011-07-01 00:35:55 -------- d-----w- C:\Users\Alienware Area51\AppData\Roaming\AVG 2011-06-30 23:13:01 -------- d-----w- C:\Users\Alienware Area51\AppData\Roaming\AVG10 2011-06-30 23:12:04 -------- d--h--w- C:\ProgramData\Common Files 2011-06-30 23:10:46 -------- d-----w- C:\ProgramData\AVG10 2011-06-30 23:09:44 -------- d-----w- C:\Program Files (x86)\AVG 2011-06-30 23:04:12 -------- d-----w- C:\ProgramData\MFAData 2011-06-30 23:00:49 -------- d-----w- C:\Program Files (x86)\SpywareBlaster . ==================== Find3M ==================== . 2011-07-07 02:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-07 02:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-07-05 17:04:57 270776 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2011-07-05 17:04:57 270776 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2011-06-30 20:56:07 270776 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2011-06-09 20:35:58 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2011-06-07 20:16:25 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-05-28 06:28:00 1147904 ----a-w- C:\Windows\System32\wininet.dll 2011-05-28 06:24:04 56832 ----a-w- C:\Windows\System32\licmgr10.dll 2011-05-28 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl 2011-05-28 06:23:30 132096 ----a-w- C:\Windows\System32\iesysprep.dll 2011-05-28 06:23:29 77312 ----a-w- C:\Windows\System32\iesetup.dll 2011-05-28 06:08:58 916480 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-05-28 06:04:30 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2011-05-28 06:04:17 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2011-05-28 06:04:03 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll 2011-05-28 06:04:03 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2011-05-28 05:33:37 479232 ----a-w- C:\Windows\System32\html.iec 2011-05-28 05:10:26 385024 ----a-w- C:\Windows\SysWow64\html.iec 2011-05-28 04:53:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe 2011-05-28 04:52:18 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-05-28 04:33:03 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2011-05-28 04:31:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-05-26 09:29:24 388896 ----a-w- C:\Windows\System32\drivers\yk60x64.sys 2011-05-18 13:24:12 2760704 ----a-w- C:\Windows\System32\win32k.sys 2011-05-02 16:35:51 975360 ----a-w- C:\Windows\System32\inetcomm.dll 2011-05-02 15:58:28 738816 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-04-29 13:12:26 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys 2011-04-29 13:12:20 144896 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2011-04-29 13:11:56 135168 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-04-29 13:11:55 274432 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-04-29 13:11:52 105984 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys . ============= FINISH: 14:51:23.27 =============== . ==== Installed Programs ====================== . Ad-Aware Adobe Acrobat 4.0 Adobe ActiveShare 1.2 Adobe Flash Player 10 ActiveX Adobe Reader 9.3.2 Aion Austerlitz - Napoleon’s Greatest Victory B17 - The Mighty Eighth Baldur's Gate Baldur's Gate II - Shadows of Amn Collectors CD Baldur's Gate II - Throne of Bhaal Barbarian Invasion Battlefield 2 Battlefield 2: Special Forces Battlefield 2142 Call of Duty® - World at War Call of Duty® - World at War 1.2 Patch Call of Duty® - World at War 1.3 Patch Call of Duty® - World at War 1.4 Patch Call of Duty® - World at War 1.5 Patch Call of Duty® - World at War 1.6 Patch Call of Duty® - World at War 1.7 Patch CDDRV_Installer Chessmaster Grandmaster Edition Close Combat The Longest Day Close Combat Wacht am Rhein Doom 3 Download Manager 2.3.9 Driver Sweeper 2.1.0 EA Download Manager Empire: Total War Empire: Total War - Special Forces Unit FontFrenzy 1.51 Fraps Futuremark SystemInfo Game Booster Gary Grigsby's World At War Half-Life 2 Half-Life 2: Episode One Half-Life 2: Episode Two Half-Life 2: Lost Coast HiJackThis Host OpenAL (ADI) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Icewind Dale Icewind Dale - Heart of Winter IL-2 Manager 5.0 PF IL-2 Shturmovik Stab (1946) IL-2 Sturmovik 1946 IL2-MAT Manager John Tiller's Campaign Series Kazoo Player Killer Driver Lizardtech DjVu Control (autoinstall) Logitech SetPoint Malwarebytes' Anti-Malware version 1.51.1.1800 Marvell Miniport Driver Medieval II Total War Medieval II Total War : Kingdoms : Americas Medieval II Total War : Kingdoms : Britannia Medieval II Total War : Kingdoms : Crusades Medieval II Total War : Kingdoms : Teutonic Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft Age of Empires Microsoft Age of Empires Expansion Microsoft Age of Empires II Microsoft Age of Empires II: The Conquerors Expansion Microsoft Classic Board Games Microsoft Rise Of Nations Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual J# .NET Redistributable Package 1.1 Move Networks Media Player for Internet Explorer MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 and SOAP Toolkit 3.0 NCsoft Launcher Nero 7 Essentials No One Lives Forever 2 NVIDIA PhysX Paint Shop Pro 7 PC Matic 1.0.0.0 PC Pitstop Disk MD 2.0 PC Pitstop Driver Alert 1.0.0.13 PC Pitstop Exterminate2 2.0 PC Pitstop Optimize3 3.0 Portal PowerDVD Rise of Nations Thrones and Patriots Rome - Total War Safecracker Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Shogun - Total War - Warlord Edition Sid Meier's Antietam Sid Meier's Civilization 4 Sid Meier's Civilization 4 - Beyond the Sword Sid Meier's Civilization 4 - Warlords Silent Hunter 4 Wolves of the Pacific Silent Hunter III Skype Toolbars Skype™ 5.3 SoundMAX SpywareBlaster 4.4 Star Wars® Knights of the Old Republic® II: The Sith Lords Star Wars®: Knights of the Old Republic StarCalc 5.73 Steam System Requirements Lab Team Fortress 2 The Operational Art of War III The Sims 2 Open For Business The Sims 2 Pets The Sims Complete Collection The Sims™ 2 Double Deluxe The Sims™ 2 FreeTime The Sims™ 2 Kitchen & Bath Interior Design Stuff Total War: SHOGUN 2 ubi.com Uncommon Valor v2.0 Uninstall Startup Inspector Unlocker 1.8.9 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) VC 9.0 Runtime Vista Shortcut Manager Visual Studio 2008 x64 Redistributables War in the Pacific Admiral's Edition Warhammer Online - Age of Reckoning Waterloo - Napoleon's Last Battle Waterloo - NLB Version 1.001 Patch Waterloo - NLB Version 1.002 Patch WinCleaner OneClick Professional Clean Version 11 Window Washer WinRAR archiver Wise Registry Cleaner 5.9.4 Wolfenstein Wolfenstein 1.1 Patch Wolfenstein 1.1 Patch World of Warcraft Zoom Cable Modem . ==== End Of File ===========================
  6. I have all 3 files but i can't find the Attachments area & do you want the Attach.txt file uploaded as a txt file or in a zip file, DDS said at the end of the scan to Zip the file
  7. No i still can't update yet, The text that came up was a sample host file when i clicked Restore MS Hosts File, On the plus side that weird 1 - Hosts: ÿþ1 entry in my HijackThis log file is now gone
  8. Thank you for helping me out, I downloaded the program you suggested & ran it, I clicked thr Restore MS hosts File button & i assume the Replace button is the one located in the Import Options drop menu, When i clicked on the Replace button a select file box popped up but the File Name & File Type areas were blank & the default directory for this box was the folder where HostsXpert is located, What do i type in the File Name & File Type box?
  9. I'm not sure whats wrong but my computer is running slow & funny, I can't update windows, The system starts slow & some things take awhile to run, I ran 4 different Virus/Malware scans & nothing showed to be wrong, I used Hijack This & printed out a log file, Could someone take a look & please tell me if anything on here is bad, Thank you Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:21:20 PM, on 7/26/2011 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Normal Running processes: C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file) F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ÿþ1 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: KillerTray.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Killer Port Manager - Unknown owner - C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe -- End of file - 8209 bytes
  10. The system seems to be running fine, Here are the 2 log files All processes killed ========== COMMANDS ========== [EMPTYTEMP] User: Alienware Area51 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 16381657 bytes ->Flash cache emptied: 53184 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 356352 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 799640 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 597 bytes Total Files Cleaned = 17.00 mb File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. HOSTS file reset successfully OTL by OldTimer - Version 3.2.7.0 log created on 07032010_223119 Files\Folders moved on Reboot... C:\Users\Alienware Area51\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3DCZ3T32\index[1].htm moved successfully. C:\Users\Alienware Area51\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. C:\Users\Alienware Area51\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPXWA5R2\desktop.ini scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZZFZAPJ\desktop.ini scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E0N1UCWG\desktop.ini scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FYL28NM\desktop.ini scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot. File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. Registry entries deleted on Reboot... OTL logfile created on: 7/3/2010 10:41:43 PM - Run 4 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Alienware Area51\Documents 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 80.00% Memory free 14.00 Gb Paging File | 13.00 Gb Available in Paging File | 92.00% Paging File free Paging file location(s): c:\pagefile.sys 8000 8000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453.19 Gb Total Space | 226.13 Gb Free Space | 49.90% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ALIENWAREARE-PC Current User Name: Alienware Area51 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Alienware Area51\Documents\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrB.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Alienware Area51\Documents\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (Killer Port Manager) -- C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe () SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE () SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (PCPitstop Scheduling) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (wwEngineSvc) -- C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 06:34:14 | 000,000,000 | ---D | M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () ========== Driver Services (SafeList) ========== DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys () DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys () DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV:64bit: - (ahcix64) -- C:\Windows\SysNative\drivers\ahcix64.sys () DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys () DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys () DRV:64bit: - (Nv834x64) -- C:\Windows\SysNative\DRIVERS\nv834x64.sys () DRV:64bit: - (NvEdge64) -- C:\Windows\SysNative\DRIVERS\NvEdge64.sys () DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys () DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys () DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys () DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys () DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys () DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys () DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys () DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys () DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\DRIVERS\wimfltr.sys () DRV:64bit: - (JGOGO) -- C:\Windows\SysNative\drivers\jgogo.sys () DRV - (TPM) -- C:\Windows\SysWOW64\tpm.msc () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) DRV - (pcx1unic) -- C:\Windows\SysWOW64\drivers\pcx1unic.sys (MCCI) DRV - (pcx1nd5) -- C:\Windows\SysWOW64\drivers\pcx1nd5.sys (MCCI) DRV - (Serial) -- C:\Windows\SysWOW64\Serial.ocx (FlashPoint Technology, Inc.) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/03 20:50:02 | 000,000,000 | ---D | M] O1 HOSTS File: ([2010/07/03 22:36:25 | 000,000,032 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: റㄊ㈹ㄮ㠶㈮㐵㈮洠歹汩敬湲捩਍ O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O4 - HKCU..\Run: [PlayNC Launcher] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\BfLLR.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\BfLLR.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\BfLLR.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\BfLLR.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\mswsock.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysNative\mswsock.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysNative\mswsock.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysNative\mswsock.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysNative\BfLLR.dll () O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility) O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab (DjVuCtl Class) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class) O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCMaticVer Class) O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll () O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll () O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll () O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll () O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll () O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll () O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll () O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll () O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll () O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll () O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll () O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll () O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll () O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll () O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll () O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll () O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll () O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll () O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll () O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll () O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll () O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll () O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe () O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll () O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll () O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll () O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Alienware Area51\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\Alienware Area51\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll () O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll () O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll () O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll () O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll () O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll () O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/07/03 22:31:19 | 000,000,000 | ---D | C] -- C:\_OTL [2010/07/01 21:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2010/07/01 20:59:08 | 000,000,000 | ---D | C] -- C:\Users\Alienware Area51\AppData\Roaming\Malwarebytes [2010/07/01 20:58:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/07/01 20:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/07/01 20:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010/07/01 20:57:20 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alienware Area51\Documents\mbam-setup.exe [2010/06/29 10:40:03 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2010/06/29 10:40:03 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010/06/29 10:40:03 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010/06/29 10:40:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010/06/29 10:40:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2010/06/29 10:40:02 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2010/06/29 10:40:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2010/06/29 10:40:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2010/06/29 10:40:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2010/06/29 10:40:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010/06/29 10:40:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2010/06/29 10:38:32 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll [2010/06/29 10:38:32 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2010/06/29 10:38:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2010/06/29 10:38:32 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2010/06/29 10:38:32 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2010/06/29 10:38:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\corpol.dll [2010/06/29 10:38:31 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2010/06/29 10:38:31 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll [2010/06/29 10:38:31 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll [2010/06/29 10:38:31 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll [2010/06/29 10:38:31 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2010/06/29 10:38:31 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2010/06/29 10:38:31 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll [2010/06/29 10:38:30 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2010/06/29 10:38:30 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinFXDocObj.exe [2010/06/29 10:38:30 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2010/06/29 10:38:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2010/06/29 10:38:30 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2010/06/29 10:38:30 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010/06/29 10:38:30 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010/06/29 10:38:29 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2010/06/29 10:38:29 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2010/06/29 10:38:29 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll [2010/06/29 10:38:29 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010/06/29 10:38:29 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2010/06/29 10:38:29 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PDMSetup.exe [2010/06/29 10:38:29 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2010/06/29 10:38:29 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2010/06/29 10:38:29 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2010/06/29 10:38:29 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetDepNx.exe [2010/06/29 10:38:29 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2010/06/29 10:37:02 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2010/06/29 10:37:02 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2010/06/29 10:37:01 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2010/06/29 10:37:00 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2010/06/29 10:37:00 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2010/06/29 10:36:47 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2010/06/29 10:36:47 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe [2010/06/29 10:36:47 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2010/06/29 10:36:47 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2010/06/29 10:36:31 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll [2010/06/29 10:36:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll [2010/06/29 10:03:44 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Alienware Area51\Documents\OTL.exe [2010/06/08 10:41:29 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010/06/08 10:41:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010/06/08 10:41:24 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll [2010/06/08 10:41:23 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2010/06/08 10:40:28 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll [2010/06/08 10:36:59 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm ========== Files - Modified Within 30 Days ========== [2010/07/03 22:41:05 | 007,602,176 | -HS- | M] () -- C:\Users\Alienware Area51\NTUSER.DAT [2010/07/03 22:37:01 | 000,000,160 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Bandwidth.xml [2010/07/03 22:36:20 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/07/03 22:36:20 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/07/03 22:36:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/07/03 22:36:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/07/03 22:35:01 | 000,524,288 | -HS- | M] () -- C:\Users\Alienware Area51\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2010/07/03 22:35:01 | 000,065,536 | -HS- | M] () -- C:\Users\Alienware Area51\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2010/07/03 22:34:56 | 005,289,486 | -H-- | M] () -- C:\Users\Alienware Area51\AppData\Local\IconCache.db [2010/07/03 10:07:04 | 000,790,054 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/07/03 10:07:04 | 000,663,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/07/03 10:07:04 | 000,128,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/07/02 15:43:37 | 000,044,909 | ---- | M] () -- C:\Users\Alienware Area51\Documents\_NPCScan-3.3.5.2.zip [2010/07/02 14:57:04 | 000,088,442 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Greyfang.xml [2010/07/01 20:58:49 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/01 20:57:29 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alienware Area51\Documents\mbam-setup.exe [2010/06/30 16:38:40 | 000,079,245 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Daemonicus.xml [2010/06/29 20:43:57 | 000,000,214 | ---- | M] () -- C:\Users\Alienware Area51\Desktop\wowhead Best when viewed!.url [2010/06/29 11:14:45 | 000,003,828 | ---- | M] () -- C:\Users\Alienware Area51\Documents\KillerWallConfig.xml [2010/06/29 11:14:45 | 000,000,937 | ---- | M] () -- C:\Users\Alienware Area51\Documents\removeexceptions [2010/06/29 11:14:45 | 000,000,937 | ---- | M] () -- C:\Users\Alienware Area51\Documents\exceptions [2010/06/29 10:46:14 | 000,000,973 | ---- | M] () -- C:\Users\Alienware Area51\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/06/29 10:03:45 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alienware Area51\Documents\OTL.exe [2010/06/28 11:10:57 | 000,001,089 | ---- | M] () -- C:\Users\Alienware Area51\Desktop\Warrior Stuff.rtf [2010/06/17 22:32:36 | 000,000,839 | ---- | M] () -- C:\Users\Alienware Area51\Desktop\Warrior Stuff DPS.rtf [2010/06/13 22:19:15 | 000,001,176 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Warrior Stuff.rtf [2010/06/08 10:52:49 | 000,285,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2010/07/02 15:43:37 | 000,044,909 | ---- | C] () -- C:\Users\Alienware Area51\Documents\_NPCScan-3.3.5.2.zip [2010/07/01 20:58:49 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/01 20:58:45 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2010/06/29 10:40:04 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb [2010/06/29 10:40:04 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll [2010/06/29 10:40:03 | 001,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll [2010/06/29 10:40:03 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll [2010/06/29 10:40:03 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll [2010/06/29 10:40:03 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll [2010/06/29 10:40:03 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll [2010/06/29 10:40:03 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll [2010/06/29 10:40:03 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll [2010/06/29 10:40:02 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll [2010/06/29 10:40:02 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll [2010/06/29 10:40:02 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe [2010/06/29 10:40:02 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll [2010/06/29 10:40:02 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll [2010/06/29 10:40:02 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll [2010/06/29 10:40:02 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe [2010/06/29 10:40:02 | 000,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2010/06/29 10:40:02 | 000,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2010/06/29 10:40:02 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe [2010/06/29 10:40:01 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll [2010/06/29 10:40:01 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl [2010/06/29 10:40:00 | 012,468,736 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll [2010/06/29 10:39:59 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll [2010/06/29 10:38:32 | 000,223,232 | ---- | C] () -- C:\Windows\SysNative\msls31.dll [2010/06/29 10:38:32 | 000,161,792 | ---- | C] () -- C:\Windows\SysNative\advpack.dll [2010/06/29 10:38:32 | 000,157,696 | ---- | C] () -- C:\Windows\SysNative\ieakeng.dll [2010/06/29 10:38:32 | 000,088,064 | ---- | C] () -- C:\Windows\SysNative\admparse.dll [2010/06/29 10:38:32 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\icardie.dll [2010/06/29 10:38:32 | 000,077,824 | ---- | C] () -- C:\Windows\SysNative\tdc.ocx [2010/06/29 10:38:32 | 000,052,736 | ---- | C] () -- C:\Windows\SysNative\imgutil.dll [2010/06/29 10:38:32 | 000,022,528 | ---- | C] () -- C:\Windows\SysNative\corpol.dll [2010/06/29 10:38:31 | 000,508,416 | ---- | C] () -- C:\Windows\SysNative\dxtmsft.dll [2010/06/29 10:38:31 | 000,481,280 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll [2010/06/29 10:38:31 | 000,318,464 | ---- | C] () -- C:\Windows\SysNative\dxtrans.dll [2010/06/29 10:38:31 | 000,125,952 | ---- | C] () -- C:\Windows\SysNative\inseng.dll [2010/06/29 10:38:31 | 000,076,288 | ---- | C] () -- C:\Windows\SysNative\wextract.exe [2010/06/29 10:38:31 | 000,063,488 | ---- | C] () -- C:\Windows\SysNative\pngfilt.dll [2010/06/29 10:38:31 | 000,055,808 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll [2010/06/29 10:38:30 | 000,304,640 | ---- | C] () -- C:\Windows\SysNative\webcheck.dll [2010/06/29 10:38:30 | 000,278,528 | ---- | C] () -- C:\Windows\SysNative\WinFXDocObj.exe [2010/06/29 10:38:30 | 000,271,872 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll [2010/06/29 10:38:30 | 000,241,664 | ---- | C] () -- C:\Windows\SysNative\msrating.dll [2010/06/29 10:38:30 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\ieakui.dll [2010/06/29 10:38:30 | 000,131,584 | ---- | C] () -- C:\Windows\SysNative\PDMSetup.exe [2010/06/29 10:38:30 | 000,129,024 | ---- | C] () -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2010/06/29 10:38:30 | 000,128,512 | ---- | C] () -- C:\Windows\SysNative\SetIEInstalledDate.exe [2010/06/29 10:38:30 | 000,125,440 | ---- | C] () -- C:\Windows\SysNative\SetDepNx.exe [2010/06/29 10:38:30 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll [2010/06/29 10:38:30 | 000,041,984 | ---- | C] () -- C:\Windows\SysNative\mshta.exe [2010/06/29 10:38:29 | 003,698,584 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat [2010/06/29 10:38:29 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll [2010/06/29 10:38:29 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll [2010/06/29 10:38:29 | 000,479,744 | ---- | C] () -- C:\Windows\SysNative\html.iec [2010/06/29 10:38:29 | 000,193,536 | ---- | C] () -- C:\Windows\SysNative\iexpress.exe [2010/06/29 10:38:29 | 000,108,032 | ---- | C] () -- C:\Windows\SysNative\url.dll [2010/06/29 10:38:29 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\mshtmler.dll [2010/06/29 10:37:02 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax [2010/06/29 10:37:02 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax [2010/06/29 10:37:01 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll [2010/06/29 10:37:00 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll [2010/06/29 10:37:00 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax [2010/06/29 10:36:47 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll [2010/06/29 10:36:47 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll [2010/06/29 10:36:47 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe [2010/06/29 10:36:47 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll [2010/06/29 10:36:47 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll [2010/06/29 10:36:31 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll [2010/06/29 10:36:31 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll [2010/06/27 12:09:10 | 000,079,245 | ---- | C] () -- C:\Users\Alienware Area51\Documents\Daemonicus.xml [2010/06/17 20:58:44 | 000,000,839 | ---- | C] () -- C:\Users\Alienware Area51\Desktop\Warrior Stuff DPS.rtf [2010/06/08 10:41:38 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys [2010/06/08 10:41:36 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll [2010/06/08 10:41:36 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys [2010/06/08 10:41:33 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe [2010/06/08 10:41:30 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys [2010/06/08 10:41:29 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll [2010/06/08 10:41:29 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll [2010/06/08 10:41:28 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll [2010/06/08 10:41:26 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys [2010/06/08 10:41:26 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys [2010/06/08 10:41:26 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys [2010/06/08 10:41:25 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll [2010/06/08 10:41:24 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll [2010/06/08 10:41:23 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll [2010/06/08 10:40:28 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll [2010/06/08 10:38:32 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll [2010/06/08 10:36:59 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm [2010/06/04 10:13:13 | 000,088,442 | ---- | C] () -- C:\Users\Alienware Area51\Documents\Greyfang.xml [2010/05/01 15:23:47 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2010/05/01 15:23:47 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2010/05/01 15:23:47 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2009/11/21 14:33:50 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI [2009/11/09 10:59:06 | 000,000,254 | ---- | C] () -- C:\Windows\RomeTW.ini [2009/02/18 08:34:30 | 000,003,102 | ---- | C] () -- C:\Windows\Gs.ini [2009/02/16 14:46:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009/02/15 08:48:52 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2009/02/15 08:48:52 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2009/02/15 08:48:31 | 000,185,344 | ---- | C] () -- C:\Windows\patchw32.dll [2009/02/06 15:03:43 | 000,000,343 | ---- | C] () -- C:\Windows\doom3.ini [2009/02/05 12:19:44 | 000,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009/02/04 10:39:10 | 000,248,832 | ---- | C] () -- C:\Windows\SysWow64\ECircles.dll [2009/02/04 10:39:10 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\SoyWeb.dll [2009/02/04 10:38:15 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\Dc50ip32.dll [2009/02/04 10:38:15 | 000,065,864 | ---- | C] () -- C:\Windows\SysWow64\Digita.sys [2009/02/04 10:38:15 | 000,007,808 | ---- | C] () -- C:\Windows\SysWow64\dc240u.sys [2009/02/04 10:38:15 | 000,006,144 | ---- | C] () -- C:\Windows\SysWow64\ImgLibLead.dll [2009/02/04 10:38:12 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.DLL [2009/02/04 00:50:15 | 000,339,968 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll<
  11. Here are all the files Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4266 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18928 7/1/2010 9:01:57 PM mbam-log-2010-07-01 (21-01-57).txt Scan type: Quick scan Objects scanned: 127684 Time elapsed: 2 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) C:\Users\Alienware Area51\Documents\New Folder\unlocker1.8.9.exe Win32/Adware.ADON application deleted - quarantined OTL logfile created on: 7/1/2010 11:35:12 PM - Run 3 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Alienware Area51\Documents 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 69.00% Memory free 14.00 Gb Paging File | 12.00 Gb Available in Paging File | 89.00% Paging File free Paging file location(s): c:\pagefile.sys 8000 8000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453.19 Gb Total Space | 227.67 Gb Free Space | 50.24% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ALIENWAREARE-PC Current User Name: Alienware Area51 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/06/29 10:03:45 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alienware Area51\Documents\OTL.exe PRC - [2010/02/26 01:05:51 | 000,189,232 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2009/06/21 10:47:05 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe ========== Modules (SafeList) ========== MOD - [2010/06/29 10:03:45 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alienware Area51\Documents\OTL.exe MOD - [2008/01/20 19:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2008/01/20 19:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2008/09/03 13:44:32 | 000,316,928 | ---- | M] () [Auto | Running] -- C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe -- (Killer Port Manager) SRV:64bit: - [2008/07/14 21:09:48 | 000,111,616 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2010/02/26 01:05:51 | 000,189,232 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2009/12/28 22:35:57 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009/08/30 12:17:30 | 003,407,412 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2009/06/26 08:26:20 | 000,085,504 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling) SRV - [2009/06/21 10:47:05 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2007/08/09 13:56:26 | 000,388,936 | ---- | M] (Webroot Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc) SRV - [2006/11/02 06:34:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2006/11/01 23:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2006/11/01 23:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010/01/08 11:23:00 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV:64bit: - [2008/09/17 14:14:00 | 000,012,744 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64) DRV:64bit: - [2008/09/10 13:24:40 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) DRV:64bit: - [2008/07/29 12:15:28 | 000,146,944 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ahcix64.sys -- (ahcix64) DRV:64bit: - [2008/07/09 19:01:46 | 000,472,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2008/06/23 15:21:32 | 000,173,096 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx) DRV:64bit: - [2008/05/14 16:02:10 | 000,121,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nv834x64.sys -- (Nv834x64) DRV:64bit: - [2008/05/14 10:17:18 | 000,026,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NvEdge64.sys -- (NvEdge64) DRV:64bit: - [2008/04/15 14:54:16 | 000,388,120 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor) DRV:64bit: - [2008/01/20 19:46:59 | 000,054,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:64bit: - [2007/11/16 11:07:06 | 000,141,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2007/04/11 21:18:26 | 000,071,680 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2007/04/11 15:35:46 | 000,040,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt) DRV:64bit: - [2007/04/11 15:35:30 | 000,056,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2007/04/11 15:35:22 | 000,053,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2006/11/02 10:51:00 | 000,151,656 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr) DRV:64bit: - [2006/02/07 16:53:22 | 000,008,704 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\jgogo.sys -- (JGOGO) DRV - [2006/09/18 14:44:13 | 000,144,862 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\tpm.msc -- (TPM) DRV - [2006/09/18 14:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip) DRV - [2006/09/18 14:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv) DRV - [2005/01/01 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) DRV - [2001/11/09 06:45:08 | 000,069,024 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pcx1unic.sys -- (pcx1unic) DRV - [2001/11/09 06:45:08 | 000,017,376 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pcx1nd5.sys -- (pcx1nd5) DRV - [1999/11/05 14:18:48 | 000,054,272 | ---- | M] (FlashPoint Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysWOW64\Serial.ocx -- (Serial) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010/07/01 08:22:02 | 000,000,788 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 192.168.254.2 mykillernic O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O4 - HKCU..\Run: [PlayNC Launcher] File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\BfLLR.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\BfLLR.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\BfLLR.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\BfLLR.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysNative\BfLLR.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility) O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab (DjVuCtl Class) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class) O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCMaticVer Class) O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Alienware Area51\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\Alienware Area51\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 20:08:35 | 000,000,000 | ---D | M] CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 90 Days ========== [2010/07/01 21:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2010/07/01 20:59:08 | 000,000,000 | ---D | C] -- C:\Users\Alienware Area51\AppData\Roaming\Malwarebytes [2010/07/01 20:58:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/07/01 20:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/07/01 20:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010/07/01 20:57:20 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alienware Area51\Documents\mbam-setup.exe [2010/06/29 10:03:44 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Alienware Area51\Documents\OTL.exe [2010/06/02 13:04:07 | 000,000,000 | ---D | C] -- C:\Users\Alienware Area51\Documents\Emchance sim [2010/06/01 21:05:02 | 000,000,000 | ---D | C] -- C:\Users\Alienware Area51\AppData\Local\Rawr [2010/06/01 21:02:53 | 000,000,000 | ---D | C] -- C:\Users\Alienware Area51\Documents\Rawr v2.3.18 [2010/05/01 14:09:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total War [2010/04/20 11:25:55 | 000,000,000 | ---D | C] -- C:\Users\Alienware Area51\AppData\Local\Threat Expert [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010/07/01 23:35:05 | 007,602,176 | -HS- | M] () -- C:\Users\Alienware Area51\NTUSER.DAT [2010/07/01 22:21:55 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/07/01 22:21:55 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/07/01 20:58:49 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/01 20:57:29 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alienware Area51\Documents\mbam-setup.exe [2010/07/01 08:28:03 | 000,790,054 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/07/01 08:28:03 | 000,663,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/07/01 08:28:03 | 000,128,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/07/01 08:22:12 | 000,000,160 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Bandwidth.xml [2010/07/01 08:21:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/07/01 08:21:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/07/01 00:54:06 | 000,524,288 | -HS- | M] () -- C:\Users\Alienware Area51\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2010/07/01 00:54:06 | 000,065,536 | -HS- | M] () -- C:\Users\Alienware Area51\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2010/07/01 00:54:00 | 005,289,966 | -H-- | M] () -- C:\Users\Alienware Area51\AppData\Local\IconCache.db [2010/06/30 16:38:40 | 000,079,245 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Daemonicus.xml [2010/06/29 20:43:57 | 000,000,214 | ---- | M] () -- C:\Users\Alienware Area51\Desktop\wowhead Best when viewed!.url [2010/06/29 11:14:45 | 000,003,828 | ---- | M] () -- C:\Users\Alienware Area51\Documents\KillerWallConfig.xml [2010/06/29 11:14:45 | 000,000,937 | ---- | M] () -- C:\Users\Alienware Area51\Documents\removeexceptions [2010/06/29 11:14:45 | 000,000,937 | ---- | M] () -- C:\Users\Alienware Area51\Documents\exceptions [2010/06/29 10:46:14 | 000,000,973 | ---- | M] () -- C:\Users\Alienware Area51\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/06/29 10:03:45 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alienware Area51\Documents\OTL.exe [2010/06/28 11:10:57 | 000,001,089 | ---- | M] () -- C:\Users\Alienware Area51\Desktop\Warrior Stuff.rtf [2010/06/27 13:09:51 | 000,088,367 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Greyfang.xml [2010/06/17 22:32:36 | 000,000,839 | ---- | M] () -- C:\Users\Alienware Area51\Desktop\Warrior Stuff DPS.rtf [2010/06/13 22:19:15 | 000,001,176 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Warrior Stuff.rtf [2010/06/08 10:52:49 | 000,285,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/06/02 21:04:19 | 000,000,845 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Shaman Priority.rtf [2010/05/29 23:06:08 | 000,000,007 | ---- | M] () -- C:\Users\Alienware Area51\Desktop\New Rich Text Document.rtf [2010/05/26 09:53:52 | 000,048,128 | ---- | M] () -- C:\Windows\SysNative\atmlib.dll [2010/05/26 07:56:53 | 000,366,080 | ---- | M] () -- C:\Windows\SysNative\atmfd.dll [2010/05/22 00:55:31 | 000,067,584 | ---- | M] () -- C:\Users\Alienware Area51\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/08 21:19:54 | 000,000,831 | ---- | M] () -- C:\Users\Alienware Area51\Application Data\Microsoft\Internet Explorer\Quick Launch\World of Warcraft.lnk [2010/05/08 16:29:23 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2010/05/08 15:50:07 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010/05/03 23:54:49 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll [2010/05/03 23:52:45 | 000,706,048 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll [2010/05/03 23:52:04 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl [2010/05/03 23:51:49 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll [2010/05/03 23:51:49 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll [2010/05/03 23:51:48 | 002,334,208 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll [2010/05/03 23:51:48 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll [2010/05/03 23:51:48 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll [2010/05/03 23:51:47 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll [2010/05/03 22:01:59 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe [2010/05/03 22:01:39 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe [2010/05/03 22:01:04 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe [2010/05/03 20:39:09 | 000,057,667 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2010/05/03 19:58:45 | 000,057,667 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2010/05/01 15:24:19 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll [2010/05/01 15:24:19 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll [2010/05/01 15:24:19 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll [2010/05/01 14:40:12 | 000,000,662 | ---- | M] () -- C:\Windows\eReg.dat [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/04/29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys [2010/04/24 11:11:42 | 000,072,872 | ---- | M] () -- C:\Users\Alienware Area51\AppData\Local\GDIPFONTCACHEV1.DAT [2010/04/21 13:21:56 | 000,000,867 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Shaman PvP gems.rtf [2010/04/20 11:04:52 | 360,453,908 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Backup.reg [2010/04/20 09:42:14 | 000,000,020 | ---- | M] () -- C:\Users\Alienware Area51\Documents\aionmemo_2ca4e8 d.dat [2010/04/16 09:40:20 | 001,570,816 | ---- | M] () -- C:\Windows\SysNative\quartz.dll [2010/04/16 09:35:56 | 000,032,256 | ---- | M] () -- C:\Windows\SysNative\Apphlpdm.dll [2010/04/16 07:50:22 | 004,240,384 | ---- | M] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll [2010/04/14 11:35:26 | 000,375,808 | ---- | M] () -- C:\Windows\SysNative\psisdecd.dll [2010/04/14 11:35:24 | 000,289,792 | ---- | M] () -- C:\Windows\SysNative\psisrndr.ax [2010/04/14 11:35:23 | 000,558,592 | ---- | M] () -- C:\Windows\SysNative\EncDec.dll [2010/04/14 11:33:49 | 000,101,376 | ---- | M] () -- C:\Windows\SysNative\MSNP.ax [2010/04/14 11:33:13 | 000,227,328 | ---- | M] () -- C:\Windows\SysNative\mpg2splt.ax [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/07/01 20:58:49 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/01 20:58:45 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2010/06/29 10:40:04 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb [2010/06/29 10:40:04 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll [2010/06/29 10:40:03 | 001,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll [2010/06/29 10:40:03 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll [2010/06/29 10:40:03 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll [2010/06/29 10:40:03 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll [2010/06/29 10:40:03 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll [2010/06/29 10:40:03 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll [2010/06/29 10:40:03 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll [2010/06/29 10:40:02 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll [2010/06/29 10:40:02 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll [2010/06/29 10:40:02 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe [2010/06/29 10:40:02 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll [2010/06/29 10:40:02 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll [2010/06/29 10:40:02 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll [2010/06/29 10:40:02 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe [2010/06/29 10:40:02 | 000,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2010/06/29 10:40:02 | 000,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2010/06/29 10:40:02 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe [2010/06/29 10:40:01 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll [2010/06/29 10:40:01 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl [2010/06/29 10:40:00 | 012,468,736 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll [2010/06/29 10:39:59 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll [2010/06/29 10:38:32 | 000,223,232 | ---- | C] () -- C:\Windows\SysNative\msls31.dll [2010/06/29 10:38:32 | 000,161,792 | ---- | C] () -- C:\Windows\SysNative\advpack.dll [2010/06/29 10:38:32 | 000,157,696 | ---- | C] () -- C:\Windows\SysNative\ieakeng.dll [2010/06/29 10:38:32 | 000,088,064 | ---- | C] () -- C:\Windows\SysNative\admparse.dll [2010/06/29 10:38:32 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\icardie.dll [2010/06/29 10:38:32 | 000,077,824 | ---- | C] () -- C:\Windows\SysNative\tdc.ocx [2010/06/29 10:38:32 | 000,052,736 | ---- | C] () -- C:\Windows\SysNative\imgutil.dll [2010/06/29 10:38:32 | 000,022,528 | ---- | C] () -- C:\Windows\SysNative\corpol.dll [2010/06/29 10:38:31 | 000,508,416 | ---- | C] () -- C:\Windows\SysNative\dxtmsft.dll [2010/06/29 10:38:31 | 000,481,280 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll [2010/06/29 10:38:31 | 000,318,464 | ---- | C] () -- C:\Windows\SysNative\dxtrans.dll [2010/06/29 10:38:31 | 000,125,952 | ---- | C] () -- C:\Windows\SysNative\inseng.dll [2010/06/29 10:38:31 | 000,076,288 | ---- | C] () -- C:\Windows\SysNative\wextract.exe [2010/06/29 10:38:31 | 000,063,488 | ---- | C] () -- C:\Windows\SysNative\pngfilt.dll [2010/06/29 10:38:31 | 000,055,808 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll [2010/06/29 10:38:30 | 000,304,640 | ---- | C] () -- C:\Windows\SysNative\webcheck.dll [2010/06/29 10:38:30 | 000,278,528 | ---- | C] () -- C:\Windows\SysNative\WinFXDocObj.exe [2010/06/29 10:38:30 | 000,271,872 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll [2010/06/29 10:38:30 | 000,241,664 | ---- | C] () -- C:\Windows\SysNative\msrating.dll [2010/06/29 10:38:30 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\ieakui.dll [2010/06/29 10:38:30 | 000,131,584 | ---- | C] () -- C:\Windows\SysNative\PDMSetup.exe [2010/06/29 10:38:30 | 000,129,024 | ---- | C] () -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2010/06/29 10:38:30 | 000,128,512 | ---- | C] () -- C:\Windows\SysNative\SetIEInstalledDate.exe [2010/06/29 10:38:30 | 000,125,440 | ---- | C] () -- C:\Windows\SysNative\SetDepNx.exe [2010/06/29 10:38:30 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll [2010/06/29 10:38:30 | 000,041,984 | ---- | C] () -- C:\Windows\SysNative\mshta.exe [2010/06/29 10:38:29 | 003,698,584 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat [2010/06/29 10:38:29 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll [2010/06/29 10:38:29 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll [2010/06/29 10:38:29 | 000,479,744 | ---- | C] () -- C:\Windows\SysNative\html.iec [2010/06/29 10:38:29 | 000,193,536 | ---- | C] () -- C:\Windows\SysNative\iexpress.exe [2010/06/29 10:38:29 | 000,108,032 | ---- | C] () -- C:\Windows\SysNative\url.dll [2010/06/29 10:38:29 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\mshtmler.dll [2010/06/29 10:37:02 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax [2010/06/29 10:37:02 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax [2010/06/29 10:37:01 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll [2010/06/29 10:37:00 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll [2010/06/29 10:37:00 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax [2010/06/29 10:36:47 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll [2010/06/29 10:36:47 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll [2010/06/29 10:36:47 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe [2010/06/29 10:36:47 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll [2010/06/29 10:36:47 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll [2010/06/29 10:36:31 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll [2010/06/29 10:36:31 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll [2010/06/27 12:09:10 | 000,079,245 | ---- | C] () -- C:\Users\Alienware Area51\Documents\Daemonicus.xml [2010/06/17 20:58:44 | 000,000,839 | ---- | C] () -- C:\Users\Alienware Area51\Desktop\Warrior Stuff DPS.rtf [2010/06/08 10:41:38 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys [2010/06/08 10:41:36 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll [2010/06/08 10:41:36 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys [2010/06/08 10:41:33 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe [2010/06/08 10:41:30 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys [2010/06/08 10:41:29 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll [2010/06/08 10:41:29 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll [2010/06/08 10:41:28 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll [2010/06/08 10:41:26 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys [2010/06/08 10:41:26 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys [2010/06/08 10:41:26 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys [2010/06/08 10:41:25 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll [2010/06/08 10:41:24 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll [2010/06/08 10:41:23 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll [2010/06/08 10:40:28 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll [2010/06/08 10:38:32 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll [2010/06/08 10:36:59 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm [2010/06/04 10:13:13 | 000,088,367 | ---- | C] () -- C:\Users\Alienware Area51\Documents\Greyfang.xml [2010/06/02 21:04:19 | 000,000,845 | ---- | C] () -- C:\Users\Alienware Area51\Documents\Shaman Priority.rtf [2010/05/29 23:21:07 | 000,001,089 | ---- | C] () -- C:\Users\Alienware Area51\Desktop\Warrior Stuff.rtf [2010/05/29 23:20:55 | 000,001,176 | ---- | C] () -- C:\Users\Alienware Area51\Documents\Warrior Stuff.rtf [2010/05/29 23:06:08 | 000,000,007 | ---- | C] () -- C:\Users\Alienware Area51\Desktop\New Rich Text Document.rtf [2010/05/08 21:19:54 | 000,000,831 | ---- | C] () -- C:\Users\Alienware Area51\Application Data\Microsoft\Internet Explorer\Quick Launch\World of Warcraft.lnk [2010/05/01 15:23:47 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2010/05/01 15:23:47 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2010/05/01 15:23:47 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2010/05/01 14:40:12 | 000,000,662 | ---- | C] () -- C:\Windows\eReg.dat [2010/04/21 13:21:56 | 000,000,867 | ---- | C] () -- C:\Users\Alienware Area51\Documents\Shaman PvP gems.rtf [2010/04/20 11:21:37 | 000,010,646 | ---- | C] () -- C:\Users\Alienware Area51\AppData\Local\dd_vcredistUI22BE.txt [2010/04/20 11:21:36 | 000,424,252 | ---- | C] () -- C:\Users\Alienware Area51\AppData\Local\dd_vcredistMSI22BB.txt [2010/04/20 11:21:36 | 000,011,394 | ---- | C] () -- C:\Users\Alienware Area51\AppData\Local\dd_vcredistUI22BB.txt [2010/04/20 11:04:44 | 360,453,908 | ---- | C] () -- C:\Users\Alienware Area51\Documents\Backup.reg [2009/11/21 14:33:50 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI [2009/11/09 10:59:06 | 000,000,254 | ---- | C] () -- C:\Windows\RomeTW.ini [2009/02/18 08:34:30 | 000,003,102 | ---- | C] () -- C:\Windows\Gs.ini [2009/02/16 14:46:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009/02/15 08:48:52 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2009/02/15 08:48:52 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2009/02/15 08:48:31 | 000,185,344 | ---- | C] () -- C:\Windows\patchw32.dll [2009/02/06 15:03:43 | 000,000,343 | ---- | C] () -- C:\Windows\doom3.ini [2009/02/05 12:19:44 | 000,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009/02/04 10:39:10 | 000,248,832 | ---- | C] () -- C:\Windows\SysWow64\ECircles.dll [2009/02/04 10:39:10 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\SoyWeb.dll [2009/02/04 10:38:15 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\Dc50ip32.dll [2009/02/04 10:38:15 | 000,065,864 | ---- | C] () -- C:\Windows\SysWow64\Digita.sys [2009/02/04 10:38:15 | 000,007,808 | ---- | C] () -- C:\Windows\SysWow64\dc240u.sys [2009/02/04 10:38:15 | 000,006,144 | ---- | C] () -- C:\Windows\SysWow64\ImgLibLead.dll [2009/02/04 10:38:12 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.DLL [2009/02/04 00:50:15 | 000,339,968 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll [2009/02/04 00:50:15 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll [2009/01/28 06:14:32 | 000,000,274 | ---- | C] () -- C:\Windows\AWACT.dll [2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008/01/20 19:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2004/07/10 17:55:38 | 000,252,416 | ---- | C] () -- C:\Windows\SysWow64\wsiShared.dll ========== LOP Check ========== [2009/02/04 00:53:06 | 000,000,000 | ---D | M] -- C:\Users\Alienware Area51\AppData\Roaming\agi [2009/03/28 13:08:42 | 000,000,000 | ---D | M] -- C:\Users\Alienware Area51\AppData\Roaming\Business Logic [2009/09/05 18:36:47 | 000,000,000 | ---D | M] -- C:\Users\Alienware Area51\AppData\Roaming\GetRightToGo [2009/02/07 10:57:13 | 000,000,000 | ---D | M] -- C:\Users\Alienware Area51\AppData\Roaming\My Games [2010/01/16 20:01:08 | 000,000,000 | ---D | M] -- C:\Users\Alienware Area51\AppData\Roaming\The Creative Assembly [2009/02/15 08:48:32 | 000,000,000 | ---D | M] -- C:\Users\Alienware Area51\AppData\Roaming\ubi.com [2009/02/04 00:53:06 | 000,000,000 | ---D | M] -- C:\Users\Alienware Area51\AppData\Roaming\Webshots [2009/06/22 01:07:10 | 000,000,000 | ---D | M] -- C:\Users\Alienware Area51\AppData\Roaming\wsInspector [2010/07/01 00:54:08 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/02/26 22:14:17 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=23C24A7781720E9271E34FC8354847B8 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.22123_none_16a8869090396e61\AGP440.sys [2008/02/26 21:35:26 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=A193A748AE9462C96E921C8AF9979B53 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6000.20780_none_147e678493463911\AGP440.sys [2008/01/20 19:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys < MD5 for: ATAPI.SYS > [2008/01/20 19:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 04:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008/01/20 19:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008/01/20 19:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll [2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll [2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008/01/20 19:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll [2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll [2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008/01/20 19:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll < %systemroot%\*. /mp /s > ========== Alternate Data Streams ========== @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 3552 bytes -> C:\Windows\alienware logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report >
  12. I did as you said, here are the 2 files OTL logfile created on: 6/29/2010 10:23:36 AM - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Alienware Area51\Documents 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 75.00% Memory free 14.00 Gb Paging File | 12.00 Gb Available in Paging File | 91.00% Paging File free Paging file location(s): c:\pagefile.sys 8000 8000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453.19 Gb Total Space | 224.62 Gb Free Space | 49.56% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ALIENWAREARE-PC Current User Name: Alienware Area51 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/06/29 10:03:45 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alienware Area51\Documents\OTL.exe PRC - [2010/02/26 01:05:51 | 000,189,232 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2009/06/21 10:47:05 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2008/01/20 19:50:38 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieuser.exe ========== Modules (SafeList) ========== MOD - [2010/06/29 10:03:45 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alienware Area51\Documents\OTL.exe MOD - [2008/01/20 19:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2008/01/20 19:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2008/09/03 13:44:32 | 000,316,928 | ---- | M] () [Auto | Running] -- C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe -- (Killer Port Manager) SRV:64bit: - [2008/07/14 21:09:48 | 000,111,616 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2010/02/26 01:05:51 | 000,189,232 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2009/12/28 22:35:57 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009/08/30 12:17:30 | 003,407,412 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2009/06/26 08:26:20 | 000,085,504 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling) SRV - [2009/06/21 10:47:05 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2007/08/09 13:56:26 | 000,388,936 | ---- | M] (Webroot Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc) SRV - [2006/11/02 06:34:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2006/11/01 23:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2006/11/01 23:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010/01/08 11:23:00 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV:64bit: - [2008/09/17 14:14:00 | 000,012,744 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64) DRV:64bit: - [2008/09/10 13:24:40 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) DRV:64bit: - [2008/07/29 12:15:28 | 000,146,944 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ahcix64.sys -- (ahcix64) DRV:64bit: - [2008/07/09 19:01:46 | 000,472,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2008/06/23 15:21:32 | 000,173,096 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx) DRV:64bit: - [2008/05/14 16:02:10 | 000,121,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nv834x64.sys -- (Nv834x64) DRV:64bit: - [2008/05/14 10:17:18 | 000,026,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NvEdge64.sys -- (NvEdge64) DRV:64bit: - [2008/04/15 14:54:16 | 000,388,120 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor) DRV:64bit: - [2008/01/20 19:46:59 | 000,054,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:64bit: - [2007/11/16 11:07:06 | 000,141,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2007/04/11 21:18:26 | 000,071,680 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2007/04/11 15:35:46 | 000,040,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt) DRV:64bit: - [2007/04/11 15:35:30 | 000,056,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2007/04/11 15:35:22 | 000,053,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2006/11/02 10:51:00 | 000,151,656 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr) DRV:64bit: - [2006/02/07 16:53:22 | 000,008,704 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\jgogo.sys -- (JGOGO) DRV - [2006/09/18 14:44:13 | 000,144,862 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\tpm.msc -- (TPM) DRV - [2006/09/18 14:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip) DRV - [2006/09/18 14:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv) DRV - [2005/01/01 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) DRV - [2001/11/09 06:45:08 | 000,069,024 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pcx1unic.sys -- (pcx1unic) DRV - [2001/11/09 06:45:08 | 000,017,376 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pcx1nd5.sys -- (pcx1nd5) DRV - [1999/11/05 14:18:48 | 000,054,272 | ---- | M] (FlashPoint Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysWOW64\Serial.ocx -- (Serial) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010/06/29 10:00:33 | 000,000,788 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 192.168.254.2 mykillernic O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O4 - HKCU..\Run: [PlayNC Launcher] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\BfLLR.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\BfLLR.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\BfLLR.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\BfLLR.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysNative\BfLLR.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility) O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab (DjVuCtl Class) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class) O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCMaticVer Class) O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Alienware Area51\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\Alienware Area51\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 20:08:35 | 000,000,000 | ---D | M] CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 90 Days ========== [2010/06/29 10:03:44 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Alienware Area51\Documents\OTL.exe [2010/06/02 13:04:07 | 000,000,000 | ---D | C] -- C:\Users\Alienware Area51\Documents\Emchance sim [2010/06/01 21:05:02 | 000,000,000 | ---D | C] -- C:\Users\Alienware Area51\AppData\Local\Rawr [2010/06/01 21:02:53 | 000,000,000 | ---D | C] -- C:\Users\Alienware Area51\Documents\Rawr v2.3.18 [2010/05/01 14:09:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total War [2010/04/20 11:25:55 | 000,000,000 | ---D | C] -- C:\Users\Alienware Area51\AppData\Local\Threat Expert [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010/06/29 10:23:40 | 007,602,176 | -HS- | M] () -- C:\Users\Alienware Area51\NTUSER.DAT [2010/06/29 10:07:44 | 000,790,054 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/06/29 10:07:44 | 000,663,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/06/29 10:07:44 | 000,128,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/06/29 10:03:45 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alienware Area51\Documents\OTL.exe [2010/06/29 10:00:52 | 000,000,160 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Bandwidth.xml [2010/06/29 10:00:28 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/06/29 10:00:28 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/06/29 10:00:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/06/29 10:00:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/06/29 00:44:03 | 000,524,288 | -HS- | M] () -- C:\Users\Alienware Area51\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2010/06/29 00:44:03 | 000,065,536 | -HS- | M] () -- C:\Users\Alienware Area51\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2010/06/29 00:43:57 | 005,294,509 | -H-- | M] () -- C:\Users\Alienware Area51\AppData\Local\IconCache.db [2010/06/28 21:07:49 | 000,003,352 | ---- | M] () -- C:\Users\Alienware Area51\Documents\KillerWallConfig.xml [2010/06/28 21:07:49 | 000,000,841 | ---- | M] () -- C:\Users\Alienware Area51\Documents\removeexceptions [2010/06/28 21:07:49 | 000,000,841 | ---- | M] () -- C:\Users\Alienware Area51\Documents\exceptions [2010/06/28 11:10:57 | 000,001,089 | ---- | M] () -- C:\Users\Alienware Area51\Desktop\Warrior Stuff.rtf [2010/06/27 20:21:50 | 000,079,186 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Daemonicus.xml [2010/06/27 13:09:51 | 000,088,367 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Greyfang.xml [2010/06/17 22:32:36 | 000,000,839 | ---- | M] () -- C:\Users\Alienware Area51\Desktop\Warrior Stuff DPS.rtf [2010/06/13 22:19:15 | 000,001,176 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Warrior Stuff.rtf [2010/06/08 10:52:49 | 000,285,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/06/02 21:04:19 | 000,000,845 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Shaman Priority.rtf [2010/05/29 23:06:08 | 000,000,007 | ---- | M] () -- C:\Users\Alienware Area51\Desktop\New Rich Text Document.rtf [2010/05/26 09:53:52 | 000,048,128 | ---- | M] () -- C:\Windows\SysNative\atmlib.dll [2010/05/26 07:56:53 | 000,366,080 | ---- | M] () -- C:\Windows\SysNative\atmfd.dll [2010/05/22 00:55:31 | 000,067,584 | ---- | M] () -- C:\Users\Alienware Area51\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/08 21:19:54 | 000,000,831 | ---- | M] () -- C:\Users\Alienware Area51\Application Data\Microsoft\Internet Explorer\Quick Launch\World of Warcraft.lnk [2010/05/08 16:29:23 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2010/05/08 15:50:07 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010/05/04 12:16:22 | 000,208,896 | ---- | M] () -- C:\Windows\SysNative\occache.dll [2010/05/04 12:14:31 | 000,758,784 | ---- | M] () -- C:\Windows\SysNative\mshtmled.dll [2010/05/04 12:14:22 | 000,580,608 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll [2010/05/04 12:12:27 | 000,375,296 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll [2010/05/04 12:12:27 | 000,249,856 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll [2010/05/04 12:12:17 | 000,086,528 | ---- | M] () -- C:\Windows\SysNative\ieencode.dll [2010/05/04 12:12:16 | 000,422,400 | ---- | M] () -- C:\Windows\SysNative\ieapfltr.dll [2010/05/04 12:12:16 | 000,267,776 | ---- | M] () -- C:\Windows\SysNative\ieaksie.dll [2010/05/04 10:53:47 | 000,485,376 | ---- | M] () -- C:\Windows\SysNative\html.iec [2010/05/04 10:27:37 | 000,032,768 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe [2010/05/01 15:24:19 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll [2010/05/01 15:24:19 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll [2010/05/01 15:24:19 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll [2010/05/01 14:40:12 | 000,000,662 | ---- | M] () -- C:\Windows\eReg.dat [2010/04/24 11:11:42 | 000,072,872 | ---- | M] () -- C:\Users\Alienware Area51\AppData\Local\GDIPFONTCACHEV1.DAT [2010/04/21 13:21:56 | 000,000,867 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Shaman PvP gems.rtf [2010/04/20 11:04:52 | 360,453,908 | ---- | M] () -- C:\Users\Alienware Area51\Documents\Backup.reg [2010/04/20 09:42:14 | 000,000,020 | ---- | M] () -- C:\Users\Alienware Area51\Documents\aionmemo_2ca4e8 d.dat [2010/04/16 09:40:20 | 001,570,816 | ---- | M] () -- C:\Windows\SysNative\quartz.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/27 12:09:10 | 000,079,186 | ---- | C] () -- C:\Users\Alienware Area51\Documents\Daemonicus.xml [2010/06/17 20:58:44 | 000,000,839 | ---- | C] () -- C:\Users\Alienware Area51\Desktop\Warrior Stuff DPS.rtf [2010/06/08 10:41:47 | 005,690,368 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll [2010/06/08 10:41:46 | 007,006,208 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll [2010/06/08 10:41:45 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll [2010/06/08 10:41:45 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll [2010/06/08 10:41:45 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll [2010/06/08 10:41:44 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll [2010/06/08 10:41:44 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll [2010/06/08 10:41:44 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll [2010/06/08 10:41:44 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll [2010/06/08 10:41:44 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll [2010/06/08 10:41:44 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll [2010/06/08 10:41:44 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll [2010/06/08 10:41:43 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb [2010/06/08 10:41:43 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll [2010/06/08 10:41:43 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec [2010/06/08 10:41:43 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll [2010/06/08 10:41:43 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe [2010/06/08 10:41:43 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll [2010/06/08 10:41:38 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys [2010/06/08 10:41:36 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll [2010/06/08 10:41:36 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys [2010/06/08 10:41:33 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe [2010/06/08 10:41:30 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys [2010/06/08 10:41:29 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll [2010/06/08 10:41:29 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll [2010/06/08 10:41:28 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll [2010/06/08 10:41:26 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys [2010/06/08 10:41:26 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys [2010/06/08 10:41:26 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys [2010/06/08 10:41:25 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll [2010/06/08 10:41:24 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll [2010/06/08 10:41:23 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll [2010/06/08 10:41:22 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll [2010/06/08 10:40:28 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll [2010/06/08 10:38:32 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll [2010/06/08 10:36:59 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm [2010/06/04 10:13:13 | 000,088,367 | ---- | C] () -- C:\Users\Alienware Area51\Documents\Greyfang.xml [2010/06/02 21:04:19 | 000,000,845 | ---- | C] () -- C:\Users\Alienware Area51\Documents\Shaman Priority.rtf [2010/05/29 23:21:07 | 000,001,089 | ---- | C] () -- C:\Users\Alienware Area51\Desktop\Warrior Stuff.rtf [2010/05/29 23:20:55 | 000,001,176 | ---- | C] () -- C:\Users\Alienware Area51\Documents\Warrior Stuff.rtf [2010/05/29 23:06:08 | 000,000,007 | ---- | C] () -- C:\Users\Alienware Area51\Desktop\New Rich Text Document.rtf [2010/05/08 21:19:54 | 000,000,831 | ---- | C] () -- C:\Users\Alienware Area51\Application Data\Microsoft\Internet Explorer\Quick Launch\World of Warcraft.lnk [2010/05/01 15:23:47 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2010/05/01 15:23:47 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2010/05/01 15:23:47 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2010/05/01 14:40:12 | 000,000,662 | ---- | C] () -- C:\Windows\eReg.dat [2010/04/21 13:21:56 | 000,000,867 | ---- | C] () -- C:\Users\Alienware Area51\Documents\Shaman PvP gems.rtf [2010/04/20 11:21:37 | 000,010,646 | ---- | C] () -- C:\Users\Alienware Area51\AppData\Local\dd_vcredistUI22BE.txt [2010/04/20 11:21:36 | 000,424,252 | ---- | C] () -- C:\Users\Alienware Area51\AppData\Local\dd_vcredistMSI22BB.txt [2010/04/20 11:21:36 | 000,011,394 | ---- | C] () -- C:\Users\Alienware Area51\AppData\Local\dd_vcredistUI22BB.txt [2010/04/20 11:04:44 | 360,453,908 | ---- | C] () -- C:\Users\Alienware Area51\Documents\Backup.reg [2009/11/21 14:33:50 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI [2009/11/09 10:59:06 | 000,000,254 | ---- | C] () -- C:\Windows\RomeTW.ini [2009/02/18 08:34:30 | 000,003,102 | ---- | C] () -- C:\Windows\Gs.ini [2009/02/16 14:46:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009/02/15 08:48:52 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2009/02/15 08:48:52 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2009/02/15 08:48:31 | 000,185,344 | ---- | C] () -- C:\Windows\patchw32.dll [2009/02/06 15:03:43 | 000,000,343 | ---- | C] () -- C:\Windows\doom3.ini [2009/02/05 12:19:44 | 000,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009/02/04 10:39:10 | 000,248,832 | ---- | C] () -- C:\Windows\SysWow64\ECircles.dll [2009/02/04 10:39:10 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\SoyWeb.dll [2009/02/04 10:38:15 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\Dc50ip32.dll [2009/02/04 10:38:15 | 000,065,864 | ---- | C] () -- C:\Windows\SysWow64\Digita.sys [2009/02/04 10:38:15 | 000,007,808 | ---- | C] () -- C:\Windows\SysWow64\dc240u.sys [2009/02/04 10:38:15 | 000,006,144 | ---- | C] () -- C:\Windows\SysWow64\ImgLibLead.dll [2009/02/04 10:38:12 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.DLL [2009/02/04 00:50:15 | 000,339,968 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll [2009/02/04 00:50:15 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll [2009/01/28 06:14:32 | 000,000,274 | ---- | C] () -- C:\Windows\AWACT.dll [2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008/01/20 19:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2004/07/10 17:55:38 | 000,252,416 | ---- | C] () -- C:\Windows\SysWow64\wsiShared.dll ========== LOP Check ========== [2009/02/04 00:53:06 | 000,000,000 | ---D | M] -- C:\Users\Alienware Area51\AppData\Roaming\agi [2009/03/28 13:08:42 | 000,000,000 | ---D | M] -- C:\Users\Alienware Area51\AppData\Roaming\Business Logic [2009/09/05 18:36:47 | 000,000,000 | ---D | M] -- C:\Users\Alienware Area51\AppData\Roaming\GetRightToGo [2009/02/07 10:57:13 | 000,000,000 | ---D | M] -- C:\Users\Alienware Area51\AppData\Roaming\My Games [2010/01/16 20:01:08 | 000,000,000 | ---D | M] -- C:\Users\Alienware Area51\AppData\Roaming\The Creative Assembly [2009/02/15 08:48:32 | 000,000,000 | ---D | M] -- C:\Users\Alienware Area51\AppData\Roaming\ubi.com [2009/02/04 00:53:06 | 000,000,000 | ---D | M] -- C:\Users\Alienware Area51\AppData\Roaming\Webshots [2009/06/22 01:07:10 | 000,000,000 | ---D | M] -- C:\Users\Alienware Area51\AppData\Roaming\wsInspector [2010/06/29 00:44:04 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/02/26 22:14:17 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=23C24A7781720E9271E34FC8354847B8 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.22123_none_16a8869090396e61\AGP440.sys [2008/02/26 21:35:26 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=A193A748AE9462C96E921C8AF9979B53 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6000.20780_none_147e678493463911\AGP440.sys [2008/01/20 19:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys < MD5 for: ATAPI.SYS > [2008/01/20 19:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 04:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008/01/20 19:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008/01/20 19:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll [2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll [2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008/01/20 19:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll [2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll [2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008/01/20 19:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll < %systemroot%\*. /mp /s > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 3552 bytes -> C:\Windows\alienware logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > OTL Extras logfile created on: 6/29/2010 10:23:36 AM - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Alienware Area51\Documents 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 75.00% Memory free 14.00 Gb Paging File | 12.00 Gb Available in Paging File | 91.00% Paging File free Paging file location(s): c:\pagefile.sys 8000 8000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453.19 Gb Total Space | 224.62 Gb Free Space | 49.56% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ALIENWAREARE-PC Current User Name: Alienware Area51 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l () scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3103196371-1523720487-62806711-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0297A438-C410-40F4-AC67-66512EF8C488}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | "{02C45438-97C0-4CED-A54B-147F48B20D3F}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | "{2B357958-8EF0-49C4-8BE1-6BDA2C916B35}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe | "{31F36B1A-F244-460D-92F6-D343D0ED332D}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\wolfenstein\mp\wolf2mplite.exe | "{386A7BD9-4E32-4E21-913C-24DA54BC0EC9}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142\bf2142.exe | "{46AA1E56-8113-4DCB-A894-0B4D11E32B2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silent hunter 3\sh3.exe | "{4C639D22-27DB-4414-9D10-B60E9E0C3377}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | "{52A808B2-62A3-4771-A654-EB6A3F2DD2A7}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | "{5CD6DC9E-90BE-4D99-BC83-03F535493808}" = protocol=6 | dir=in | app=c:\program files (x86)\webroot\webrootsecurity\spysweeperui.exe | "{65FA46D9-8FEB-452F-AE32-AA25C5E0839A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{681636B4-4375-471F-9FC8-A0B1405AA039}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{6C19FCB5-5EFE-4415-AC85-DD73905B59BF}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\wolfenstein\mp\wolf2mplite.exe | "{7D4D8E0E-829A-4456-8C90-B3D923647E99}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe | "{7DBF99FD-546C-45A2-82A2-A7EFA21AAB63}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe | "{82EC60AC-4FF1-4F09-B020-FAE81FC6500E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{87C9A5C5-95CE-45D5-9FEE-78C90930BB63}" = protocol=17 | dir=in | app=c:\program files (x86)\webroot\webrootsecurity\spysweeperui.exe | "{98129F83-3ADA-4A12-BF42-70B62781AE55}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{A0901BC6-E48D-4746-B9FE-241DA9A60FB1}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe | "{AA54E415-2729-47EA-838D-0A365869AD1A}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe | "{B139F83D-D3AF-4F33-B909-1170EA2EADAD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silent hunter 3\sh3.exe | "{BB968A83-76C4-4B96-8BAB-88D504236B13}" = protocol=6 | dir=in | app=c:\program files\windows mail\winmail.exe | "{C6099524-C1E1-4D84-9657-CE76B53EB107}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142\bf2142.exe | "{C87C46D3-68F2-4359-A4BC-8575D6E8DCE7}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | "{D1A18237-95A7-4A6A-897A-5C71415CC745}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe | "{D39AEFEA-EB49-47CA-B0DF-CCAD2ABBA8C0}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\wolfenstein\mp\wolf2mp.exe | "{DA0BE4EA-BF6C-4518-82E6-958A2AEB2FFF}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | "{DBCCFF1E-F864-4C00-A443-9F77748BE541}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe | "{E3AB56F3-C008-48F1-811D-6740915B613C}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\wolfenstein\mp\wolf2mp.exe | "{E56C6F19-68DD-4692-A904-64B3EE07425E}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{ED0E0503-3A94-4E0E-A2B4-38FD2EA9C0F3}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | "{F03967B4-548B-4477-9AA1-F0640013E249}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{F7AEDE50-1E6F-4941-9ED1-55F87AD8BD7C}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe | "{FBF4B806-A133-46E3-8C71-0180FC27B43E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{9B1A8F3D-8059-43FB-A7AE-4F2C21F0AAF2}" = KhalInstallWrapper "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2 "{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War 1.6 Patch "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific "{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War 1.3 Patch "{18039280-98B7-4C5E-AAC0-10EBC9731033}" = Nero 7 Essentials "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1 "{1FE92762-7856-11D4-9ABB-006067325E47}" = Baldur's Gate II - Shadows of Amn Collectors CD "{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition "{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War 1.2 Patch "{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0 "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword "{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords "{433BF933-81D6-4646-A318-3DE5DB6108F2}" = Icewind Dale - Heart of Winter "{47609E69-4C5E-48B1-A889-24C6B82B5C04}" = Vista Shortcut Manager "{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets "{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces "{5474ED3E-9749-4ACB-BD99-B6E6A7846B7F}" = Aion "{584267B8-0BB0-4D18-9FFA-726576619E9A}" = Doom 3 "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords "{63B263C2-1B61-11D4-8B6D-00C0F01F6881}" = B17 - The Mighty Eighth "{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7524763B-0D8A-4DF4-984D-6D90A319463D}" = IL-2 Sturmovik 1946 "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business "{7FC07A07-0345-4B08-BBFE-43885A58253C}" = Killer Driver "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D9C7104-97CC-4BA4-81CF-6DBB55992F0D}" = IL2-MAT Manager "{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War 1.4 Patch "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War "{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4 "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2 "{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com "{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate II - Throne of Bhaal "{BB360AE2-CF24-420B-8E31-7597E9499DD2}" = Zoom Cable Modem "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War 1.5 Patch "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War "{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector "{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein 1.1 Patch "{EBCCE08A-B3EE-40E7-96D7-31741D481015}" = No One Lives Forever 2 "{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection "{F8CE8AA1-DA97-11D5-873A-0050DABC2539}" = Austerlitz - Napoleon’s Greatest Victory "{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein "{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion "Adobe Acrobat 4.0" = Adobe Acrobat 4.0 "Adobe ActiveShare" = Adobe ActiveShare 1.2 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Age of Empires" = Microsoft Age of Empires "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "Baldur's Gate" = Baldur's Gate "Classic Board Games 1.0" = Microsoft Classic Board Games "Close Combat The Longest Day5.50" = Close Combat The Longest Day "Close Combat Wacht am Rhein4.50" = Close Combat Wacht am Rhein "DjVu" = Lizardtech DjVu Control (autoinstall) "Download Manager" = Download Manager 2.3.9 "EADM" = EA Download Manager "FontFrenzy" = FontFrenzy 1.51 "Fraps" = Fraps "Game Booster_is1" = Game Booster "Gary Grigsby's World At War1.005" = Gary Grigsby's World At War "HijackThis" = HijackThis 2.0.2 "Host OpenAL (ADI)" = Host OpenAL (ADI) "Icewind Dale" = Icewind Dale "IL-2 Shturmovik Stab (1946)" = IL-2 Shturmovik Stab (1946) "IL-2_Manager_2.5" = IL-2 Manager 5.0 PF "InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War 1.6 Patch "InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War 1.3 Patch "InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War 1.2 Patch "InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War 1.4 Patch "InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War "InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War 1.5 Patch "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War "InstallShield_{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein 1.1 Patch "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein "John Tiller's Campaign Series1.00" = John Tiller's Campaign Series "Kazoo Player" = Kazoo Player "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "PC Matic_is1" = PC Matic 1.0.0.0 "PC Pitstop Disk MD_is1" = PC Pitstop Disk MD 2.0 "PC Pitstop Driver Alert_is1" = PC Pitstop Driver Alert 1.0.0.13 "PC Pitstop Exterminate2_is1" = PC Pitstop Exterminate2 2.0 "PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0 "PunkBusterSvc" = PunkBuster Services "RiseOfNations 1.0" = Microsoft Rise Of Nations "RiseofNationsExpansion 1.0" = Rise of Nations Thrones and Patriots "Safecracker" = Safecracker "Shogun Total War - Warlord Edition" = Shogun - Total War - Warlord Edition "Sid Meier's Antietam" = Sid Meier's Antietam "SpywareBlaster_is1" = SpywareBlaster 4.2 "StarCalc" = StarCalc 5.73 "Steam App 10500" = Empire: Total War "Steam App 10600" = Empire: Total War - Special Forces Unit "Steam App 15210" = Silent Hunter III "Steam App 220" = Half-Life 2 "Steam App 340" = Half-Life 2: Lost Coast "Steam App 380" = Half-Life 2: Episode One "Steam App 400" = Portal "Steam App 420" = Half-Life 2: Episode Two "Steam App 440" = Team Fortress 2 "SystemRequirementsLab" = System Requirements Lab "The Operational Art of War III3.0.0.12" = The Operational Art of War III "Uncommon Valor" = Uncommon Valor v2.0 "Unlocker" = Unlocker 1.8.9 "War in the Pacific Admiral's Edition1.00.79" = War in the Pacific Admiral's Edition "Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
  13. One of my MMO games account got hacked & since i never gave out the password or user name to anyone i immediatly thought of a keylogger, Heres my HiJack this file, If someone could make sense out of it i would appreciate it, thanks Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:54:18 AM, on 6/28/2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18470) Boot mode: Normal Running processes: C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: KillerTray.lnk = ? O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll O13 - Gopher Prefix: O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Killer Port Manager - Unknown owner - C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe -- End of file - 6092 bytes
×
×
  • Create New...