Nerwign

trojan.win32.Generic!BT

36 posts in this topic

This file is detected and removed by Ad-Aware, but after the reboot, it is always found again. I would really appreciate any help in permanently getting rid of it.

Ad-Aware was last updated 1/1/2012 0150.0669

Scanned with Ad-Aware, removed infected issues and did not reboot before running OTL. Please let me know if I have missed a step in what you need in order to help. Thank you kindly.

Sincerely,

Nerwign



OTL.Txt:

OTL logfile created on: 1/5/2012 5:50:06 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nerwign\Documents
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 41.84% Memory free
8.22 Gb Paging File | 5.53 Gb Available in Paging File | 67.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.63 Gb Total Space | 68.66 Gb Free Space | 15.17% Space Free | Partition Type: NTFS
Drive D: | 13.13 Gb Total Space | 1.81 Gb Free Space | 13.77% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive M: | 1.89 Gb Total Space | 0.18 Gb Free Space | 9.70% Space Free | Partition Type: FAT

Computer Name: NERWIGN-PC | User Name: Nerwign | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Nerwign\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe ()
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Winamp\winampa.exe ()
PRC - C:\Windows\SysWOW64\PING.EXE (Microsoft Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Program Files (x86)\Lavasoft\Ad-Aware\PrivacyClean.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Winamp\winampa.exe ()
MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:[b]64bit:[/b] - (wsnm_usbctrl) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe (VMware, Inc.)
SRV:[b]64bit:[/b] - (wsnm) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
SRV:[b]64bit:[/b] - (VMAuthdService) -- C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe (VMware, Inc.)
SRV:[b]64bit:[/b] - (ufad-ws60) -- C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-ufad.exe (VMware, Inc.)
SRV:[b]64bit:[/b] - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys ()
DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:[b]64bit:[/b] - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:[b]64bit:[/b] - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:[b]64bit:[/b] - (vmwvusb) -- C:\Windows\SysNative\Drivers\vmwvusb.sys ()
DRV:[b]64bit:[/b] - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys ()
DRV:[b]64bit:[/b] - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys ()
DRV:[b]64bit:[/b] - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys ()
DRV:[b]64bit:[/b] - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys ()
DRV:[b]64bit:[/b] - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys ()
DRV:[b]64bit:[/b] - (VMnetBridge) -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys ()
DRV:[b]64bit:[/b] - (VMnetAdapter) -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys ()
DRV:[b]64bit:[/b] - (vstor2-ws60) -- C:\Program Files\VMware\VMware View\Client\Local Mode\vstor2-ws60.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys ()
DRV:[b]64bit:[/b] - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:[b]64bit:[/b] - (CAXHWBS3) -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys ()
DRV:[b]64bit:[/b] - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys ()
DRV:[b]64bit:[/b] - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys ()
DRV:[b]64bit:[/b] - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:[b]64bit:[/b] - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys ()
DRV:[b]64bit:[/b] - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) -- C:\Program Files (x86)\HP\DVDPlay\000.fcl (Cyberlink Corp.)
DRV - (PCD5SRVC{E2AF211B-86DA020A-05040000}) -- C:\Program Files (x86)\PC-Doctor for Windows\pcd5srvc_x64.pkms (PC-Doctor, Inc.)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\Codex\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/21 06:53:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/13 12:59:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/13 12:59:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/13 12:59:22 | 000,000,000 | ---D | M]

[2008/12/10 06:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nerwign\AppData\Roaming\Mozilla\Extensions
[2011/02/28 18:36:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nerwign\AppData\Roaming\Mozilla\Firefox\Profiles\awaybks7.default\extensions
[2009/09/04 20:53:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nerwign\AppData\Roaming\Mozilla\Firefox\Profiles\awaybks7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/09 04:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/09 04:45:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2008/08/16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2008/08/16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008/08/16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2008/08/16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2011/12/23 01:47:58 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O1 - Hosts: 184.95.41.155 www.google-analytics.com.
O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.
O1 - Hosts: 184.95.41.155 www.statcounter.com.
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware View\Client\Local Mode\hqtray.exe" File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files\VMware\VMware View\Client\Local Mode\x64\vsocklib.dll (VMware, Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files\VMware\VMware View\Client\Local Mode\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware View\Client\Local Mode\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware View\Client\Local Mode\vsocklib.dll (VMware, Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.bestmark.com/support/ScriptX.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/58.17/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://alliantinsurance.webex.com/client/T27L/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5990/mcfscan.cab (McFreeScan Class)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04B24052-B720-4B69-90A1-29885A84A3D4}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nerwign\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nerwign\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30:64bit: - LSA: Security Packages - (wsauth) - C:\Windows\SysNative\wsauth.dll ()
O30 - LSA: Security Packages - (wsauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 05:49:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nerwign\Documents\OTL.exe
[2012/01/04 18:47:12 | 000,000,000 | ---D | C] -- C:\Users\Nerwign\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/04 18:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/04 18:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/04 18:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/04 18:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2011/12/29 19:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/29 19:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/29 19:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/29 19:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/22 18:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/22 18:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/12/21 23:02:19 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/18 22:17:51 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011/12/18 22:17:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011/12/18 22:17:50 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011/12/18 22:17:49 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011/12/18 22:17:48 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011/12/18 22:17:47 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011/12/18 22:17:46 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011/12/18 22:17:45 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011/12/18 22:17:43 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/12/18 22:17:43 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/12/18 22:17:41 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/12/18 22:17:41 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011/12/18 22:17:39 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/12/18 22:17:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011/12/18 22:17:37 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011/12/18 22:17:37 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/12/18 22:17:36 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011/12/18 22:17:35 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/12/18 22:17:35 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/12/18 22:17:34 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2011/12/18 22:17:34 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2011/12/18 22:17:33 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/12/18 22:17:32 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011/12/18 22:17:32 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/12/18 22:17:31 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011/12/18 22:17:30 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/12/18 22:17:30 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/12/18 22:17:30 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011/12/18 22:17:29 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/12/18 22:17:27 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011/12/18 22:17:27 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011/12/18 22:17:25 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011/12/18 22:17:25 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011/12/18 22:17:24 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/12/18 22:17:24 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/12/18 22:17:23 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/12/18 22:17:23 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/12/18 22:17:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011/12/18 22:17:22 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/12/18 22:17:21 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011/12/18 22:17:21 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011/12/18 22:17:20 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011/12/18 22:17:19 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011/12/18 22:17:18 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011/12/18 22:17:18 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011/12/18 22:17:18 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011/12/18 22:17:17 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011/12/18 22:17:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011/12/18 22:17:16 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011/12/18 22:17:16 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011/12/18 22:17:16 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011/12/18 22:17:15 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011/12/18 22:17:14 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011/12/18 22:17:10 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011/12/18 22:17:10 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011/12/18 22:17:09 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011/12/18 22:17:08 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011/12/18 22:17:07 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011/12/18 22:17:07 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011/12/18 22:17:06 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011/12/18 22:17:05 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011/12/18 22:17:05 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011/12/18 22:17:04 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011/12/18 22:17:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011/12/18 22:17:03 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011/12/18 22:17:02 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011/12/18 22:16:58 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011/12/18 22:16:57 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011/12/18 22:16:57 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011/12/18 22:16:56 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011/12/18 22:16:56 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011/12/18 22:16:55 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011/12/18 22:16:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/12/18 22:16:54 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011/12/18 22:16:53 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011/12/18 22:16:53 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011/12/18 22:16:53 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011/12/18 22:16:52 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011/12/18 22:16:51 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011/12/18 22:16:50 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/12/18 22:16:48 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/12/18 22:16:47 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011/12/18 22:16:44 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/12/18 22:16:43 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011/12/18 22:16:43 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011/12/18 22:16:42 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011/12/18 22:16:42 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011/12/18 22:16:39 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011/12/18 22:16:38 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011/12/18 22:16:37 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011/12/18 22:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2011/12/18 22:05:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/10/02 12:12:21 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/05 05:49:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nerwign\Documents\OTL.exe
[2012/01/05 05:44:47 | 000,000,160 | -H-- | M] () -- C:\aaw7boot.cmd
[2012/01/05 05:42:05 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 05:42:05 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 04:56:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/05 03:56:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/04 23:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/01/04 23:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/01/04 22:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/01/04 22:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/01/04 22:01:17 | 000,695,108 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/04 22:01:17 | 000,598,130 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/04 22:01:17 | 000,102,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/04 21:54:37 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/01/04 21:53:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/01/04 21:53:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/01/04 21:53:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/04 21:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/01/04 21:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/01/04 20:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/01/04 20:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/01/04 18:46:53 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/03 18:30:14 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/01/03 18:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/01/03 18:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/01/03 17:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/01/03 17:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/01/03 17:26:10 | 000,000,406 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Nerwign.job
[2012/01/03 16:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/01/03 16:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/01/03 15:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/01/03 15:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/01/03 14:27:09 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/01/03 14:27:09 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/01/03 13:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/01/03 13:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/01/03 12:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/01/03 12:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/01/01 18:32:15 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/01 18:32:15 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/01 11:41:13 | 000,000,147 | ---- | M] () -- C:\Users\Nerwign\Desktop\rk-proxy.reg
[2012/01/01 11:39:57 | 001,008,141 | ---- | M] () -- C:\Users\Nerwign\Desktop\iExplore.exe
[2012/01/01 11:31:27 | 000,012,856 | -HS- | M] () -- C:\Users\Nerwign\AppData\Local\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8
[2012/01/01 11:31:27 | 000,012,856 | -HS- | M] () -- C:\ProgramData\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8
[2011/12/30 09:36:01 | 000,000,842 | ---- | M] () -- C:\Users\Nerwign\Desktop\mbam.exe - Shortcut.lnk
[2011/12/29 19:04:20 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/29 18:46:03 | 000,457,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/24 02:06:17 | 000,000,000 | ---- | M] () -- C:\ProgramData\0ns4R1.dat
[2011/12/23 01:47:58 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111230-093818.backup
[2011/12/23 01:47:58 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111229-224054.backup
[2011/12/23 01:47:58 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111224-093346.backup
[2011/12/23 01:47:58 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111224-091735.backup
[2011/12/23 01:47:58 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/22 18:25:26 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/12/22 18:22:43 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/22 06:26:02 | 012,407,296 | ---- | M] () -- C:\Users\Nerwign\Documents\Ad-Aware96Install.msi
[2011/12/17 09:49:27 | 000,186,368 | ---- | M] () -- C:\Users\Nerwign\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/12 10:07:32 | 000,069,376 | ---- | M] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/05 05:44:41 | 000,000,160 | -H-- | C] () -- C:\aaw7boot.cmd
[2012/01/04 21:53:33 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/01/04 18:46:53 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/01 11:41:13 | 000,000,147 | ---- | C] () -- C:\Users\Nerwign\Desktop\rk-proxy.reg
[2012/01/01 11:39:53 | 001,008,141 | ---- | C] () -- C:\Users\Nerwign\Desktop\iExplore.exe
[2012/01/01 11:20:09 | 000,012,856 | -HS- | C] () -- C:\Users\Nerwign\AppData\Local\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8
[2012/01/01 11:20:09 | 000,012,856 | -HS- | C] () -- C:\ProgramData\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8
[2011/12/30 09:36:01 | 000,000,842 | ---- | C] () -- C:\Users\Nerwign\Desktop\mbam.exe - Shortcut.lnk
[2011/12/29 19:04:20 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/24 02:06:17 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/24 02:06:17 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/24 02:06:17 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/24 02:06:17 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/24 02:06:17 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/24 02:06:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/24 02:06:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/12/24 02:06:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/12/24 02:06:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/24 02:06:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/12/24 02:06:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\0ns4R1.dat
[2011/12/24 02:06:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/24 02:06:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/24 02:06:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/24 02:06:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/24 02:06:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/24 02:06:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/24 02:06:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/24 02:06:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/12/24 02:06:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/12/24 02:06:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/12/24 02:06:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/12/24 02:06:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/12/24 02:06:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/12/24 02:06:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/22 22:50:02 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/12/22 18:22:43 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/22 18:22:42 | 000,069,376 | ---- | C] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/12/22 06:25:56 | 012,407,296 | ---- | C] () -- C:\Users\Nerwign\Documents\Ad-Aware96Install.msi
[2011/12/18 22:17:51 | 000,518,488 | ---- | C] () -- C:\Windows\SysNative\XAudio2_7.dll
[2011/12/18 22:17:51 | 000,077,656 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011/12/18 22:17:50 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_7.dll
[2011/12/18 22:17:49 | 002,526,056 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011/12/18 22:17:48 | 001,907,552 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_43.dll
[2011/12/18 22:17:47 | 000,276,832 | ---- | C] () -- C:\Windows\SysNative\d3dx11_43.dll
[2011/12/18 22:17:46 | 000,511,328 | ---- | C] () -- C:\Windows\SysNative\d3dx10_43.dll
[2011/12/18 22:17:45 | 002,401,112 | ---- | C] () -- C:\Windows\SysNative\D3DX9_43.dll
[2011/12/18 22:17:43 | 000,530,776 | ---- | C] () -- C:\Windows\SysNative\XAudio2_6.dll
[2011/12/18 22:17:43 | 000,078,680 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011/12/18 22:17:41 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_6.dll
[2011/12/18 22:17:41 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011/12/18 22:17:39 | 000,517,960 | ---- | C] () -- C:\Windows\SysNative\XAudio2_5.dll
[2011/12/18 22:17:38 | 000,176,968 | ---- | C] () -- C:\Windows\SysNative\xactengine3_5.dll
[2011/12/18 22:17:37 | 005,554,512 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_42.dll
[2011/12/18 22:17:37 | 002,582,888 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011/12/18 22:17:36 | 000,285,024 | ---- | C] () -- C:\Windows\SysNative\d3dx11_42.dll
[2011/12/18 22:17:35 | 002,475,352 | ---- | C] () -- C:\Windows\SysNative\D3DX9_42.dll
[2011/12/18 22:17:35 | 000,523,088 | ---- | C] () -- C:\Windows\SysNative\d3dx10_42.dll
[2011/12/18 22:17:34 | 002,430,312 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/12/18 22:17:34 | 000,520,544 | ---- | C] () -- C:\Windows\SysNative\d3dx10_41.dll
[2011/12/18 22:17:33 | 005,425,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_41.dll
[2011/12/18 22:17:32 | 000,521,560 | ---- | C] () -- C:\Windows\SysNative\XAudio2_4.dll
[2011/12/18 22:17:32 | 000,073,544 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011/12/18 22:17:31 | 000,174,936 | ---- | C] () -- C:\Windows\SysNative\xactengine3_4.dll
[2011/12/18 22:17:30 | 002,605,920 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011/12/18 22:17:30 | 000,519,000 | ---- | C] () -- C:\Windows\SysNative\d3dx10_40.dll
[2011/12/18 22:17:30 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011/12/18 22:17:29 | 005,631,312 | ---- | C] () -- C:\Windows\SysNative\D3DX9_40.dll
[2011/12/18 22:17:27 | 000,518,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_3.dll
[2011/12/18 22:17:27 | 000,074,576 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011/12/18 22:17:25 | 000,175,440 | ---- | C] () -- C:\Windows\SysNative\xactengine3_3.dll
[2011/12/18 22:17:25 | 000,025,936 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011/12/18 22:17:24 | 000,513,544 | ---- | C] () -- C:\Windows\SysNative\XAudio2_2.dll
[2011/12/18 22:17:24 | 000,072,200 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011/12/18 22:17:23 | 001,942,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/12/18 22:17:23 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_39.dll
[2011/12/18 22:17:23 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_2.dll
[2011/12/18 22:17:22 | 004,992,520 | ---- | C] () -- C:\Windows\SysNative\D3DX9_39.dll
[2011/12/18 22:17:21 | 000,511,496 | ---- | C] () -- C:\Windows\SysNative\XAudio2_1.dll
[2011/12/18 22:17:21 | 000,068,104 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011/12/18 22:17:20 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_1.dll
[2011/12/18 22:17:19 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011/12/18 22:17:18 | 004,991,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_38.dll
[2011/12/18 22:17:18 | 001,941,528 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011/12/18 22:17:18 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_38.dll
[2011/12/18 22:17:17 | 000,489,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_0.dll
[2011/12/18 22:17:17 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_0.dll
[2011/12/18 22:17:16 | 001,860,120 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011/12/18 22:17:16 | 000,529,424 | ---- | C] () -- C:\Windows\SysNative\d3dx10_37.dll
[2011/12/18 22:17:16 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011/12/18 22:17:15 | 004,910,088 | ---- | C] () -- C:\Windows\SysNative\D3DX9_37.dll
[2011/12/18 22:17:14 | 000,411,656 | ---- | C] () -- C:\Windows\SysNative\xactengine2_10.dll
[2011/12/18 22:17:10 | 002,006,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011/12/18 22:17:10 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_36.dll
[2011/12/18 22:17:09 | 005,081,608 | ---- | C] () -- C:\Windows\SysNative\d3dx9_36.dll
[2011/12/18 22:17:08 | 000,411,496 | ---- | C] () -- C:\Windows\SysNative\xactengine2_9.dll
[2011/12/18 22:17:07 | 001,985,904 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011/12/18 22:17:07 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_35.dll
[2011/12/18 22:17:06 | 005,073,256 | ---- | C] () -- C:\Windows\SysNative\d3dx9_35.dll
[2011/12/18 22:17:05 | 000,409,960 | ---- | C] () -- C:\Windows\SysNative\xactengine2_8.dll
[2011/12/18 22:17:05 | 000,021,000 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011/12/18 22:17:04 | 001,401,200 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011/12/18 22:17:04 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_34.dll
[2011/12/18 22:17:03 | 004,496,232 | ---- | C] () -- C:\Windows\SysNative\d3dx9_34.dll
[2011/12/18 22:17:02 | 000,107,368 | ---- | C] () -- C:\Windows\SysNative\xinput1_3.dll
[2011/12/18 22:16:58 | 000,403,304 | ---- | C] () -- C:\Windows\SysNative\xactengine2_7.dll
[2011/12/18 22:16:57 | 001,400,176 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011/12/18 22:16:57 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_33.dll
[2011/12/18 22:16:56 | 004,494,184 | ---- | C] () -- C:\Windows\SysNative\d3dx9_33.dll
[2011/12/18 22:16:56 | 000,393,576 | ---- | C] () -- C:\Windows\SysNative\xactengine2_6.dll
[2011/12/18 22:16:55 | 000,390,424 | ---- | C] () -- C:\Windows\SysNative\xactengine2_5.dll
[2011/12/18 22:16:54 | 004,398,360 | ---- | C] () -- C:\Windows\SysNative\d3dx9_32.dll
[2011/12/18 22:16:54 | 000,469,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10.dll
[2011/12/18 22:16:53 | 003,977,496 | ---- | C] () -- C:\Windows\SysNative\d3dx9_31.dll
[2011/12/18 22:16:53 | 000,364,824 | ---- | C] () -- C:\Windows\SysNative\xactengine2_4.dll
[2011/12/18 22:16:53 | 000,017,688 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_1.dll
[2011/12/18 22:16:52 | 000,363,288 | ---- | C] () -- C:\Windows\SysNative\xactengine2_3.dll
[2011/12/18 22:16:51 | 000,083,736 | ---- | C] () -- C:\Windows\SysNative\xinput1_2.dll
[2011/12/18 22:16:50 | 000,354,072 | ---- | C] () -- C:\Windows\SysNative\xactengine2_2.dll
[2011/12/18 22:16:48 | 000,083,664 | ---- | C] () -- C:\Windows\SysNative\xinput1_1.dll
[2011/12/18 22:16:47 | 000,352,464 | ---- | C] () -- C:\Windows\SysNative\xactengine2_1.dll
[2011/12/18 22:16:44 | 003,927,248 | ---- | C] () -- C:\Windows\SysNative\d3dx9_30.dll
[2011/12/18 22:16:43 | 000,355,536 | ---- | C] () -- C:\Windows\SysNative\xactengine2_0.dll
[2011/12/18 22:16:43 | 000,016,592 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_0.dll
[2011/12/18 22:16:42 | 003,830,992 | ---- | C] () -- C:\Windows\SysNative\d3dx9_29.dll
[2011/12/18 22:16:42 | 003,815,120 | ---- | C] () -- C:\Windows\SysNative\d3dx9_28.dll
[2011/12/18 22:16:41 | 003,807,440 | ---- | C] () -- C:\Windows\SysNative\d3dx9_27.dll
[2011/12/18 22:16:39 | 003,767,504 | ---- | C] () -- C:\Windows\SysNative\d3dx9_26.dll
[2011/12/18 22:16:38 | 003,823,312 | ---- | C] () -- C:\Windows\SysNative\d3dx9_25.dll
[2011/12/18 22:16:37 | 003,544,272 | ---- | C] () -- C:\Windows\SysNative\d3dx9_24.dll
[2011/10/02 12:12:23 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/10/02 12:12:22 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/10/02 12:12:20 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/02 12:12:20 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/02 12:12:20 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/04/26 21:40:12 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/26 21:40:12 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/05 05:42:34 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/24 07:52:47 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2010/12/24 07:44:14 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2010/12/24 07:44:14 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv
[2010/11/05 04:54:47 | 000,199,372 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2009/07/10 04:51:10 | 000,000,680 | ---- | C] () -- C:\Users\Nerwign\AppData\Local\d3d9caps.dat
[2008/11/06 18:58:02 | 000,000,560 | ---- | C] () -- C:\Users\Nerwign\AppData\Roaming\wklnhst.dat
[2008/10/31 05:26:40 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2008/10/31 05:23:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/10/30 05:02:45 | 000,000,000 | ---- | C] () -- C:\Windows\winfile.ini
[2008/10/29 17:30:47 | 000,186,368 | ---- | C] () -- C:\Users\Nerwign\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/28 03:40:53 | 000,107,384 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/28 03:12:27 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/08/28 03:12:27 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 18:49:13 | 000,100,043 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2006/11/02 07:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 04:26:55 | 000,018,271 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2006/11/02 04:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 04:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 01:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2001/07/15 16:48:32 | 000,170,585 | ---- | C] () -- C:\Windows\SysWow64\MCPrintX.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010/12/14 05:59:53 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\Amazon
[2010/05/23 05:58:03 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\Chiu Software Systems
[2011/10/21 17:21:04 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\CoreFTP
[2010/07/06 18:52:50 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\Dropbox
[2011/12/20 06:12:03 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\FileZilla
[2010/05/23 12:50:22 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\Filter Forge
[2009/01/21 05:47:15 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\ICAClient
[2009/06/18 04:53:25 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\MyPublisher
[2009/08/08 07:11:27 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\NCH Swift Sound
[2010/12/24 07:52:47 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\pdf995
[2008/11/06 18:58:04 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\Template
[2011/06/11 21:49:59 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\uTorrent
[2010/02/03 15:06:53 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\webex
[2008/10/29 18:53:54 | 000,000,000 | ---D | M] -- C:\Users\Nerwign\AppData\Roaming\WinBatch
[2012/01/04 21:54:37 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012/01/03 12:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2012/01/03 12:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2012/01/03 13:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2012/01/03 13:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2012/01/03 14:27:09 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2012/01/03 14:27:09 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2012/01/03 15:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2012/01/03 15:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2012/01/03 16:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2012/01/03 16:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2012/01/03 17:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2012/01/03 17:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2012/01/03 18:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2012/01/03 18:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2012/01/04 21:53:04 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2012/01/04 21:53:04 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2012/01/04 20:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2012/01/04 20:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2012/01/04 21:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2012/01/04 21:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2012/01/04 22:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2012/01/04 22:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2012/01/04 23:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2012/01/04 23:27:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2012/01/04 21:51:50 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/20 17:55:46 | 000,000,396 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{19854172-812A-4FBD-8E6E-4F3966C76351}.job

[color=#E56717]========== Purity Check ==========[/color]

< End of report >

Extras.Txt:

OTL Extras logfile created on: 1/5/2012 5:50:06 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nerwign\Documents
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 41.84% Memory free
8.22 Gb Paging File | 5.53 Gb Available in Paging File | 67.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.63 Gb Total Space | 68.66 Gb Free Space | 15.17% Space Free | Partition Type: NTFS
Drive D: | 13.13 Gb Total Space | 1.81 Gb Free Space | 13.77% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive M: | 1.89 Gb Total Space | 0.18 Gb Free Space | 9.70% Space Free | Partition Type: FAT

Computer Name: NERWIGN-PC | User Name: Nerwign | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23AB12E9-C364-41E5-B866-D1F385966888}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email="[email protected],-28539"][email protected],-28539[/email] |
"{259A6A70-0C6F-42E6-87ED-529F060B68E0}" = rport=138 | protocol=17 | dir=out | app=system |
"{39357507-4BFD-4B58-BFB7-BC15E8855D30}" = lport=137 | protocol=17 | dir=in | app=system |
"{4A3D6E84-5252-4494-ABC9-D890D500554E}" = lport=138 | protocol=17 | dir=in | app=system |
"{7F039743-0243-426A-803B-84215B608402}" = rport=139 | protocol=6 | dir=out | app=system |
"{8D00D883-904F-4244-99A8-2B935F407282}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A2845371-95C6-4318-849B-6E3504860A9E}" = rport=445 | protocol=6 | dir=out | app=system |
"{C6D5D23E-5905-43C5-9B95-6C55ECAE323A}" = rport=137 | protocol=17 | dir=out | app=system |
"{F7BEF8C4-3123-434D-822F-D11EB42C7272}" = lport=139 | protocol=6 | dir=in | app=system |
"{F99D7435-B2D2-46FE-A8F6-9DB65690C40A}" = lport=445 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012A8889-D530-47C2-9026-2B7C3017442C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0360E747-D9E6-4EE7-B899-A85AB19577B0}" = dir=in | app=c:\program files (x86)\hp\dvdplay\dvdplay.exe |
"{06CDDF1A-16AF-47E3-852F-493FC6FD38BC}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{10E4FA2A-852B-4AFB-A8DF-0C5166FE68A7}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\local mode\vmware-authd.exe |
"{1B1330CC-5E89-45C9-A2E7-177059B7691C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1CDCC53B-ACF4-47A5-96CE-877B5F5DA1BA}" = protocol=17 | dir=in | app=c:\users\nerwign\appdata\roaming\dropbox\bin\dropbox.exe |
"{1E769ED1-2B21-4662-98CE-A60122B17ADD}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\local mode\vmware-authd.exe |
"{2221A539-196F-4CB8-9878-E903D402E1F4}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{32FFC9FB-ED1E-4300-991A-2F0686A1E814}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{3BC87B70-88BF-438A-868B-F56239713AAC}" = protocol=6 | dir=in | app=c:\users\nerwign\appdata\roaming\dropbox\bin\dropbox.exe |
"{4D074988-F7B8-431E-BD19-E6B0CAF6C60C}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{4F172553-44F4-4D33-8677-4627856F3499}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5379142B-184F-4FA0-BA3D-E366F2553CDD}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\local mode\vmware-authd.exe |
"{57565AC4-C030-47F5-AB5E-4E6AA78A7A97}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{575AE5EA-19EB-4C49-9BF7-D01BB2DF7850}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{58065429-3DF7-4E0D-A933-0E826F9727EF}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\local mode\vmware-authd.exe |
"{59EFBF25-B500-4B0E-BF52-557089902E82}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5A4D3501-A9BD-42AD-B6FF-2807500B4548}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{5CEAFC12-4031-44F8-8B42-A3C058F120EF}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{5D00C60D-C651-46D0-BE91-A6D7D614BEC6}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{5EFE3AF1-1A74-4197-8CFB-276A3DDB2D59}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{69C789E2-AB63-4C15-976A-8DE8ABDA17A9}" = protocol=58 | dir=out | [email="[email protected],-28546"][email protected],-28546[/email] |
"{6CFAF21B-12E6-4B59-B472-703E24B8D80C}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{6D7687C5-CF70-4BC7-BB65-618371EC3F84}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{6E4DD121-FA6B-4F5C-976C-8C5C7A618189}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\local mode\vmware-authd.exe |
"{7E98EF0E-F7DE-430E-8EAB-A5D0ECEDB91F}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{8D4CD39A-70C7-4B19-A1AF-E7AE5E678869}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9F905BB6-3878-4591-B71D-34D46E8339E1}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{9FBE247D-596B-47B6-8708-A6ADF7A0BC96}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{A064AFCB-005E-45E8-BED3-3670C5D02317}" = protocol=1 | dir=in | [email="[email protected],-28543"][email protected],-28543[/email] |
"{A84384AA-2EB7-4687-9452-637796F5F07B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A8B5A5B5-EFEC-4DE0-9323-FC6C5EDAB7BF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B6277F51-54C4-4703-A2C5-A34F6EBC2DE4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BAD0385E-4F26-49E0-94DD-672019A75436}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{BBA71DF3-8F9C-437B-959D-9E015E082443}" = dir=in | app=c:\program files (x86)\hp\dvdplay\dpservice.exe |
"{C0B2B367-FC11-4FA7-AF6A-CC476B33879B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA55ED8E-8006-4364-8CDC-4DB978A9D5ED}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D0124419-4D0E-4E30-BA14-B64A1E4A629B}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\local mode\vmware-authd.exe |
"{DB3493D2-EB37-4C9A-83F2-CD67FB418C73}" = protocol=58 | dir=in | [email="[email protected],-28545"][email protected],-28545[/email] |
"{E4E00BD3-C1B0-4BEB-B8A5-0432E9B4F16C}" = protocol=1 | dir=out | [email="[email protected],-28544"][email protected],-28544[/email] |
"TCP Query User{49F94261-4419-47E8-8A5E-1B84506A1681}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{8950AB3D-E97B-478D-9F6D-2E89CF076E22}C:\program files (x86)\world of warcraft\wow-2.3.0-enus-downloader (2).exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.0-enus-downloader (2).exe |
"TCP Query User{C3DAFE99-A6CD-4F2D-9A6D-A67A73842A6C}C:\users\nerwign\appdata\local\microsoft\windows\temporary internet files\content.ie5\p3m2cdzk\wow-burningcrusade-trial-enus-installer-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\nerwign\appdata\local\microsoft\windows\temporary internet files\content.ie5\p3m2cdzk\wow-burningcrusade-trial-enus-installer-downloader[1].exe |
"TCP Query User{E385F5A6-35BD-48F3-A1D5-4ABDF1257719}C:\users\nerwign\appdata\local\microsoft\windows\temporary internet files\content.ie5\i2bv6jwj\wowclient-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\nerwign\appdata\local\microsoft\windows\temporary internet files\content.ie5\i2bv6jwj\wowclient-downloader[1].exe |
"UDP Query User{234E7C43-3816-4CC8-B33D-5142171A4E75}C:\users\nerwign\appdata\local\microsoft\windows\temporary internet files\content.ie5\p3m2cdzk\wow-burningcrusade-trial-enus-installer-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\nerwign\appdata\local\microsoft\windows\temporary internet files\content.ie5\p3m2cdzk\wow-burningcrusade-trial-enus-installer-downloader[1].exe |
"UDP Query User{2E24E170-02C6-404D-B69E-557AF537012B}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{65BA3FB9-0D1C-4BDE-9B2C-17DEF63DEF87}C:\program files (x86)\world of warcraft\wow-2.3.0-enus-downloader (2).exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.0-enus-downloader (2).exe |
"UDP Query User{756A5876-ADE5-4F31-8379-9BDA879618E5}C:\users\nerwign\appdata\local\microsoft\windows\temporary internet files\content.ie5\i2bv6jwj\wowclient-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\nerwign\appdata\local\microsoft\windows\temporary internet files\content.ie5\i2bv6jwj\wowclient-downloader[1].exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{98220C1E-4A8F-4EEC-9CE4-942DB10B27BD}" = VMware View Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"OfficeTrial" = Microsoft Office Home and Student 60 day trial

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play BD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{97BD5533-8B5B-42FA-ADAE-A6F8DB997D7C}" = Ad-Aware
"{9915F060-19D4-11D4-A682-00105AA6FA07}" = D&D Character Generator Demo
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B86688D9-0F85-458B-AFB1-5B3B4C8CE541}" = Opcion Font Viewer
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Audacity_is1" = Audacity 1.2.6
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"CDex" = CDex extraction audio
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Core FTP LE 1.3c" = Core FTP LE 1.3c
"DivX Setup" = DivX Setup
"ExpressRip" = Express Rip
"File Writer output plugin" = File Writer output plugin for WinAMP 2 v1.17(c) (remove only)
"FileZilla Client" = FileZilla Client 3.5.2
"Filter Forge_is1" = Filter Forge 1.017
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Matroska Pack" = Matroska Pack
"MatroskaProp" = MatroskaProp (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"MyPublisher" = MyPublisher
"NSS" = Norton Security Scan
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Pdf995" = Pdf995
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"sp44626" = sp44626
"Switch" = Switch Sound File Converter
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WavePad" = WavePad Sound Editor
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"World of Warcraft" = World of Warcraft
"YTdetect" = Yahoo! Detect

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 12/30/2011 2:17:31 AM | Computer Name = Nerwign-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 46785

Error - 12/30/2011 2:17:31 AM | Computer Name = Nerwign-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 46785

Error - 12/30/2011 2:39:22 AM | Computer Name = Nerwign-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/30/2011 1:23:51 PM | Computer Name = Nerwign-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/30/2011 1:41:49 PM | Computer Name = Nerwign-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp
0x4de07b1b, faulting module swg.dll_unloaded, version 0.0.0.0, time stamp 0x4e9e0abd,
exception code 0xc0000005, fault offset 0x72f9b022, process id 0x1318, application
start time 0x01ccc71a4ba1e2ed.

Error - 12/30/2011 9:56:32 PM | Computer Name = Nerwign-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/31/2011 3:43:11 AM | Computer Name = Nerwign-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/31/2011 2:08:37 PM | Computer Name = Nerwign-PC | Source = PC-Doctor | ID = 1
Description =

Error - 12/31/2011 2:45:21 PM | Computer Name = Nerwign-PC | Source = Application Hang | ID = 1002
Description = The program pcdr5cuiw32.exe version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 142c Start Time: 01ccc7e60630d1d0 Termination Time: 6

Error - 1/1/2012 1:57:27 AM | Computer Name = Nerwign-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 1/4/2012 8:28:21 AM | Computer Name = Nerwign-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.6 for the Network Card with network
address 00221582507F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/4/2012 8:48:28 AM | Computer Name = Nerwign-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.7 for the Network Card with network
address 00221582507F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/4/2012 9:09:01 AM | Computer Name = Nerwign-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.8 for the Network Card with network
address 00221582507F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/4/2012 9:29:09 AM | Computer Name = Nerwign-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.9 for the Network Card with network
address 00221582507F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/4/2012 10:33:36 PM | Computer Name = Nerwign-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.6 for the Network Card with network
address 00221582507F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/5/2012 1:53:05 AM | Computer Name = Nerwign-PC | Source = HTTP | ID = 15016
Description =

Error - 1/5/2012 1:53:33 AM | Computer Name = Nerwign-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/5/2012 1:53:33 AM | Computer Name = Nerwign-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/5/2012 1:53:33 AM | Computer Name = Nerwign-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/5/2012 1:53:33 AM | Computer Name = Nerwign-PC | Source = Service Control Manager | ID = 7003
Description =


< End of report >

Hi,

Download DDS and save it to your desktop from [url=http://download.bleepingcomputer.com/sUBs/dds.com][b][color=seagreen]here[/color][/b][/url] or [url=http://download.bleepingcomputer.com/sUBs/dds.scr][b][color=seagreen]here[/color][/b][/url] or [url=http://www.forospyware.com/sUBs/dds][b][color=seagreen]here[/color][/b][/url].
Disable any script blocker, and then double-click the [b]dds file[/b] to run the tool. [list]
[*]When done, DDS will open two (2) logs: [list=1]
[*] DDS.txt
[*] Attach.txt
[/list]
[*]Save both reports to your desktop. Post them back to your topic.
[/list]

Here are the two files. I did not zip Attach.txt as you did not request me to - I hope this is alright.

Thank you so much for your help!

~Nerwign

Hello,
[color=#FF0000]uTorrent[/color]

The programs listed above are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My [b]recommendation is to uninstall these (and others, if present) P2P file sharing programs[/b].


Please visit this webpage for download links, and instructions for running ComboFix tool:

[url]http://www.bleepingcomputer.com/combofix/how-to-use-combofix[/url]

[COLOR=Blue]Please ensure you read this guide carefully first.[/COLOR]

Please continue as follows:

[LIST=1]
[*][b]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix[/b], [url=http://www.bleepingcomputer.com/forums/topic114351.html]link[/url]
Remember to re-enable them afterwards.


[*]Click [B]Yes[/B] to allow ComboFix to continue scanning for malware.
[/LIST]

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

[B]C:\ComboFix.txt
New dds log.[/B]

[COLOR=#ff0000][B]A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.[/B][/COLOR]

I got a little lost while following your instructions. Not your fault - I got so involved reading the tutorial for using ComboFix that I forgot to uninstall uTorrent before running it.

So to summarize:
1) I downloaded and ran ComboFix per instructions
*Note - while I followed the instructions for how to disable all blockers, ComboFix told me AdAware was still running, despite multiple efforts on my part to turn it off.
2) I realized I had not uninstalled uTorrent. I uninstalled uTorrent
3) I ran ComboFix again (getting the same AdAware warnings/issues)
4) I ran DDS.com again

Attached are log.txt from combofix and dds.txt from DDS. Please let me know if there is something I need to do differently. Thank you so much for your help!

Hi,

Please download [url=http://download.bleepingcomputer.com/farbar/FSS.exe][b]Farbar Service Scanner[/b][/url] and run it on the computer with the issue.[list]
[*]Check all boxes.
[*]Press "[b]Scan[/b]".
[*]It will create a log (FSS.txt) in the same directory the tool is run.
[*]Please copy and paste the log to your reply.
[/list]

Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

[code]
File::
c:\windows\system32\drivers\etc\HOSTS
RegNull::
[HKEY_USERS\S-1-5-21-456595718-3152782387-4258940814-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EE02869A-F7AE-1AFA-02C5-BF9C13D5DC8F}*]
[/code]


Save this as CFScript

[COLOR=#ff0000][B]A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.[/B][/COLOR]

[img]http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif[/img]

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


[B]Uninstall old Adobe Reader versions[/B] and get the latest one (Adobe Reader 10.1 and separate 10.1.1 update for it) [url=http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows]here[/url] or get Foxit Reader [url=http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm]here[/url]. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced [url=http://pdfreaders.org/]here[/url].


Uninstall vulnerable [b]Flash[/b] versions by following the instructions [url=http://kb2.adobe.com/cps/141/tn_14157.html]here[/url]. A fresh version can be obtained [url=http://get.adobe.com/flashplayer/]here[/url].


[b][color=blue]Your Java is out of date.[/color][/b] Older versions have vulnerabilities that malware can use to infect your system. [b]Please follow these steps to remove older version Java components and update to the latest version...[/b]

[b][color=blue]Updating Java:[/color][/b]
[list]
[*]Download the latest version of [b][URL=http://www.oracle.com/technetwork/java/javase/downloads/index.html]Java Runtime Environment (JRE) 7 Update 2[/URL][/b].
[*]Click the [b]Download[/b] button to the right.
[*]Select Windows on platform combobox and check the box that says: [b][i]Accept[/i][/b] [i]License Agreement[/i]. Click continue.

[*]The page will refresh.
[*]Click on the link to download [i]Windows Offline Installation[/i] with or without Multi-language and save to your desktop.
[*]Close any programs you may have running - especially your web browser.
[*]Go to [b]Start[/b] > [b]Control Panel[/b], double-click on [b]Add/Remove[/b] programs and remove all older versions of Java.
[*]Check any item with Java Runtime Environment (JRE or J2SE) in the name.
[*]Click the [b]Remove[/b] or [b]Change/Remove[/b] button.
[*]Repeat as many times as necessary to remove each Java version.
[*]Reboot your computer once all Java components are removed.
[*]Then from your desktop double-click on [b]jre-7u2-windows-i586.exe[/b] to install the newest version. Uncheck Carbonite online backup trial if it's offered there.[/list]


* Go [url=http://www.eset.eu/online-scanner][color=red][b][u]here[/u][/b][/color][/url] to run an online scanner from ESET.[list]
[*][color=red][b]Note:[/b][/color] You will need to use [color=blue][b]Internet Explorer[/b][/color] for this scan
[*]Tick the box next to [b]YES, I accept the Terms of Use.[/b]
[*]Click [b]Start[/b]
[*]When asked, allow the ActiveX control to install
[*]Click [b]Start[/b]
[*]Make sure that the option [b]Remove found threats[/b] is UNchecked and the option [b]Scan unwanted applications[/b] is checkmarked.
[*]Click [b]Scan[/b]
[*]Wait for the scan to finish.
[/list]


Post back its report, fresh dds logs (after a reboot) and above mentioned ComboFix resultant log.

I uninstalled Java, Adobe Reader and Adobe Flash.

I downloaded and installed new Java, Adobe Reader (including update) and Adobe Flash.

I combined CFScript with ComboFix.

I rebooted.

I ran ComboFix (log file attached). ComboFix again complained that AdAware was running, though there is no indication to me that this is true. There is no system tray icon and I did not start the program myself. Also ComboFix stated that there was a newer version and asked me if I would like to update. I said no.

I ran DDS.com (DDS log file attached).

I ran ESET online scan. It did not generate a log on its own but allowed me to save a list of the issues found, as a txt file. I have attached that also.

Hi,

ComboFix log indicates that the tool wasn't run with CFScript.txt file. How did you run it?

I copied the text you included, opened Notepad and pasted the text. I checked to make sure it was all there and saved it on my desktop as CFScript.txt. I then dragged and dropped CFScript.txt onto the ComboFix icon. A small window popped up. It had a black background and green text scrolled by.

I do not recall beyond that.

How should I make sure it is done correctly and what is my next step? Thank you so much!

Sincerely,

Nerwign

Hi,

Please ensure the contents of CFScript.txt are as guided above. Then redo the ComboFix run with the script (allow the tool to update itself).

I checked the contents of CFScript (copied your text and pasted it in again). I then dragged the CFScript onto ComboFix. The black popup with green text came up again.

When it was done I ran ComboFix again. I did not watch it run. In the morning, when it was done, I noticed that CFScript.txt is no longer on my desktop. I hope this is OK.

Here is the log.txt.

Sincerely,

Nerwign

Good. Reboot and post fresh dds logs. Then see if you're able to access firewall settings in Security Center (in Control Panel) without any issues.

Here is the DDS.txt file, but I do not know what you want me to do with firewall settings.

Though I have some computer literacy, I am a complete noob when it comes to network settings. I am on a home network that is usually controlled by the other computer.

~Nerwign

Hi,

Just see if you're able to access Windows Firewall settings without any errors. Also, try to re-enable Windows Defender.

Report back and we'll continue after that.

I am not sure what steps I should be using to try to access my firewall settings. I went in and tried to turn on the firewall. It said that it could not. I tried to click the option for manual settings. Then I clicked on "Update Settings Now" but nothing seemed to happen when I clicked that.

I went into the Windows Defender and just clicking on that from the left-hand menu brought up an error.

I have attached jpg images. Please let me know if I should attach something else and/or what I should do now?


Thank you so much for your help!

~Nerwign

Hi,

Please download and run [url=http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe]this[/url] tool. Then check firewall enabling again.

Hi,

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file [b]fixes.bat[/b], change the Save as type to all files and save it to your desktop.
[b]@ECHO OFF
SWREG QUERY "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE" /s >"%userprofile%\desktop\Logit.txt"
DEL %0
[/b]
Right-click on the [b]fixes.bat[/b] file and select [b]run as administrator[/b] to execute it. A black window will open and close. After that, the Logit.txt file should exist on the desktop. Attach it to your post (or let me know if the file didn't appear).
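
An added example, not part of the original post or of any tool named in this thread: one way to review an export like Logit.txt for a damaged Base Filtering Engine registration, which is a common reason Windows Firewall refuses to start. It assumes the export uses the same text layout as the built-in `reg query /s`; the baseline values, sample data and function names are assumptions for illustration.

```python
import re

ROOT = r"hkey_local_machine\system\currentcontrolset\services\bfe"
# Assumed Vista/7-era baseline; confirm against a known-good machine of the same version.
EXPECTED = {
    ("", "Start"): 2,  # 2 = automatic start, 4 = disabled
    ("", "ImagePath"): r"%systemroot%\system32\svchost.exe -k localservicenonetwork",
    ("", "ObjectName"): r"nt authority\localservice",
    (r"\parameters", "ServiceDll"): r"%systemroot%\system32\bfe.dll",
}
VALUE_RE = re.compile(r"^\s+(\S.*?)\s+(REG_[A-Z_]+)\s+(.*)$")

def parse_reg_query(text):
    """Parse `reg query /s`-style text into {key_path: {value_name: data}}, names lower-cased."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.strip().upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name, kind, data = m.groups()
                current[name.lower()] = int(data, 16) if kind == "REG_DWORD" else data.strip()
    return keys

def audit_bfe(text):
    """Return deviations from EXPECTED; an empty list means the checked values are intact."""
    keys = parse_reg_query(text)
    findings = []
    for (sub, name), want in EXPECTED.items():
        got = keys.get(ROOT + sub, {}).get(name.lower())
        if got is None:
            findings.append(f"{name}: missing")
        elif (got.lower() if isinstance(got, str) else got) != want:
            findings.append(f"{name}: unexpected value {got!r}")
    return findings

# Constructed sample of a healthy key (not the Logit.txt from this thread).
HEALTHY = r"""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    Start    REG_DWORD    0x2
    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    ObjectName    REG_SZ    NT AUTHORITY\LocalService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\bfe.dll
"""
# Constructed damaged variant: service disabled and the Parameters subkey gone.
DAMAGED = HEALTHY.split("\n\n")[0].replace("0x2", "0x4")
print(audit_bfe(DAMAGED))
```

A missing key or an empty export reports every checked value as missing, so the same function also covers the case where the service registration was deleted outright.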

Hi,

Download attached zip file, extract to your desktop and double-click .reg file found inside. Allow merging and reboot the system. Run Farbar Service Scanner again and post back its log + let me know if firewall still won't turn on.

Edited by Blade81: Removed registry fix to avoid abuse of it

I downloaded the attached registry fix, extracted to my desktop and double clicked the regfix.reg.

I rebooted and the reboot took a very VERY long time during which I thought the computer had hung up. I probably hit ctrl-alt-del a couple times and reset the reboot, but eventually with enough waiting it did come back up. Phew! :)

I ran FSS.exe and log is posted. I also went into Firewall and it let me turn the firewall on again.

What is my next step or am I fixed now? :)

~Nerwign

Hi,

Please see next if Windows Defender enabling works :)

This topic is now closed to further replies.