247fixes PC Help Forum: [Resolved] Virus Overheats My Processor (O_O) - 247fixes PC Help Forum


[Resolved] Virus Overheats My Processor (O_O) virus makes all my cores 100% full load

#16 SomeoneSomewhere

  • Full Member
  • Group: Member+
  • Posts: 13
  • Joined: 08-November 09

Posted 09 November 2009 - 04:05 PM

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-YG69F-9M66D-PMJBM
Windows Product Key Hash: /kehptF9HHVxM5d8dUnqgcfndXw=
Windows Product ID: 00426-OEM-8992662-00497
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.2.0.001
ID: {948DC78A-52FE-4E7F-932C-D9CCB947211E}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7600.win7_rtm.090713-1255
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: Registered, 1.7.111.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600497-02-13321-7600.0000-2682009
Installation ID: 004821461506199963889790542370712945337360281166974284
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: PMJBM
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 11/10/2009 12:04:45 AM

HWID Data-->
HWID Hash Current: OgAAAAIABgABAAEAAQACAAAAAQABAAEAonYmUcW00oL2pApWhDTKzUa84l+gbTASje+aiMrgLKfMMQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name	OEMID Value	OEMTableID Value
  APIC			091808		APIC1155
  FACP			091808		FACP1155
  MCFG			091808		OEMMCFG 
  OEMB			091808		OEMB1155
  SLIC			HPQOEM		SLIC-MPC



#17 Extremeboy

  • Da 247 Malware Disintegrator Instructor
  • Group: Academy Instructor
  • Posts: 2521
  • Joined: 19-February 09
  • Gender:Male

Posted 09 November 2009 - 04:41 PM

Hi.

You didn't upload this file: C:\Windows\system32\conhost.exe Could you do that for me please?
If you can't find it, it might be located here instead: C:\Windows\SysWOW64\conhost.exe <- This file

--

Next time, no need to put everything in [ code] tags please.

Okay, let's continue this then.

Run Script with OTL

  • Please reopen http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png on your desktop. If you are using Vista, please right-click and select run as administrator.
  • Copy and Paste the following code into the http://billy-oneal.com/Canned%20Speeches/speechimages/otli2/customFix.png textbox. Do not include the word "Quote"

    Quote

    :Processes
    conhost.exe
    :OTL
    PRC - [2009/11/07 05:54:57 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2009/10/12 21:24:50 | 02,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2009/10/31 06:46:47 | 00,027,136 | ---- | M] () -- C:\ProgramData\Defence\smss.exe
    PRC - [2009/10/31 06:46:47 | 00,027,136 | ---- | M] () -- C:\ProgramData\Defence\smss.exe
    PRC - [2009/10/31 06:46:47 | 00,027,136 | ---- | M] () -- C:\ProgramData\Defence\smss.exe
    PRC - [2009/10/02 22:43:50 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    O4 - HKLM..\Run: [framework] File not found
    O4 - HKLM..\Run: [Window Proxy Service] C:\Windows\SysWOW64\update.exe ()
    O4 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000..\Run: [Defence] C:\ProgramData\Defence\smss.exe ()
    O33 - MountPoints2\{d398e1e1-b3e1-11de-99e1-00e06116fe85}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
    O33 - MountPoints2\{3b91cd24-aacb-11de-8689-00e06116fe85}\Shell\AutoRun\command - "" = F:\Fort_Zombie_Setup.exe -- File not found
    O33 - MountPoints2\{d398e1df-b3e1-11de-99e1-00e06116fe85}\Shell\AutoRun\command - "" = G:\AUTOSTARTER.EXE -- File not found
    :files
    c:\windows\system32\update.exe
    C:\Windows\SysWOW64\update.exe
    C:\ProgramData\Defence
    c:\windows\1.tmp
    c:\windows\2.tmp
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Users\\Nino\\AppData\\Local\\Temp\\reptile.exe"=-
    "C:\\Windows\\System32\\update.exe"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Defence"=-
    :commands
    [EmptyTemp]
    [Reboot]

  • Push http://billy-oneal.com/Canned%20Speeches/speechimages/otli2/runFixbutton.png
  • OTLI2 may ask to reboot the machine. Please do so if asked.
  • Click http://billy-oneal.com/Canned%20Speeches/speechimages/otli2/btnOK.png.
  • A report will open. Copy and Paste that report in your next reply.

Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post. The name of the log will be in the following format: xxxxxxxx_xxxxxx, with x representing the month, date, year and time the log was created. E.g.: 03062009_170403

Then take a new DDS run and OTL run and post back with the DDS.txt log and OTL.txt log.

Thanks.

With Regards,
Extremeboy
#18 SomeoneSomewhere

  • Full Member
  • Group: Member+
  • Posts: 13
  • Joined: 08-November 09

Posted 09 November 2009 - 05:23 PM

Regarding the conhost, it's gone? I couldn't find it...

OTL fix result:
All processes killed
========== PROCESSES ==========
No active process named conhost.exe was found!
========== OTL ==========
Process firefox.exe killed successfully!
No active process named SUPERAntiSpyware.exe was found!
Unable to kill active process ekrn.exe!
No active process named smss.exe was found!
No active process named smss.exe was found!
No active process named smss.exe was found!
No active process named uTorrent.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\framework deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Window Proxy Service deleted successfully.
C:\Windows\SysWOW64\update.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-738084018-3835902901-3163185614-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Defence deleted successfully.
C:\ProgramData\Defence\smss.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d398e1e1-b3e1-11de-99e1-00e06116fe85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d398e1e1-b3e1-11de-99e1-00e06116fe85}\ not found.
File H:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b91cd24-aacb-11de-8689-00e06116fe85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b91cd24-aacb-11de-8689-00e06116fe85}\ not found.
File F:\Fort_Zombie_Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d398e1df-b3e1-11de-99e1-00e06116fe85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d398e1df-b3e1-11de-99e1-00e06116fe85}\ not found.
File G:\AUTOSTARTER.EXE not found.
========== FILES ==========
File\Folder c:\windows\system32\update.exe not found.
File\Folder C:\Windows\SysWOW64\update.exe not found.
C:\ProgramData\Defence folder moved successfully.
c:\windows\1.tmp moved successfully.
c:\windows\2.tmp moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Users\\Nino\\AppData\\Local\\Temp\\reptile.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Windows\\System32\\update.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Defence not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nino
->Temp folder emptied: 359969645 bytes
->Temporary Internet Files folder emptied: 26296523 bytes
->Java cache emptied: 32297602 bytes
->FireFox cache emptied: 147935043 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 429967557 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 950.64 mb


OTL by OldTimer - Version 3.1.4.0 log created on 11102009_010903

Files\Folders moved on Reboot...
C:\Users\Nino\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


DDS:

DDS (Ver_09-10-26.01) - NTFSX64
Run by Nino at 1:21:20.17 on Tue 11/10/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15
Microsoft Windows 7 Ultimate 6.1.7600.2.1252.63.1033.18.6143.4416 [GMT 8:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\notepad.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\DAP\DAP.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Nino\Desktop\AV\OTL.exe
C:\Windows\notepad.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nino\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
uStart Page = hxxp://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\syswow64\blank.htm
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
BHO: SBCONVERT Class: {31b27f2d-6bc6-451b-b3d2-4eab36b2fc3b} - c:\program files (x86)\speedbit video downloader\toolbar\tbcore3.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~2\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~2\dap\DAPIEL~1.DLL
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~2\speedb~2\toolbar\grabber.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~2\yahoo!\companion\installs\cpn\yt.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files (x86)\speedbit video downloader\toolbar\tbcore3.dll
uRun: [Sidebar] c:\program files (x86)\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [Messenger (Yahoo!)] "c:\program files (x86)\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SpeedBitVideoAccelerator] c:\program files (x86)\speedbit video accelerator\VideoAccelerator.exe
uRun: [RocketDock] "c:\program files (x86)\rocketdock\RocketDock.exe"
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\daemon.exe" -autorun
uRun: [BitTorrent DNA] "c:\program files (x86)\dna\btdna.exe"
uRun: [DownloadAccelerator] "c:\program files (x86)\dap\DAP.EXE" /STARTUP
uRun: [Search Protection] c:\program files (x86)\yahoo!\search protection\SearchProtection.exe
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Nikon Transfer Monitor] c:\program files (x86)\common files\nikon\monitor\NkMonitor.exe
mRun: [Google Desktop Search] "c:\program files (x86)\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [YSearchProtection] "c:\program files (x86)\yahoo!\search protection\SearchProtection.exe"
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\nino\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
uPolicies-explorer: NoSMMyPictures = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: NoFileAssociate = 0 (0x0)
uPolicies-explorer: RestrictCpl = 0 (0x0)
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
mPolicies-explorer: NoSMMyPictures = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoInstrumentation = 0 (0x0)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-explorer: RestrictCpl = 0 (0x0)
mPolicies-explorer: NoThemesTab = 0 (0x0)
mPolicies-system: ConsentPromptbehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptbehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
IE: &Clean Traces - c:\program files (x86)\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\dap\dapextie.htm
IE: Download &all with DAP - c:\program files (x86)\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~2\google\google~1\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File
mRun-x64: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

================= FIREFOX ===================

FF - ProfilePath - c:\users\nino\appdata\roaming\mozilla\firefox\profiles\4n33fbbu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files (x86)\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\program files (x86)\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\nino\appdata\roaming\mozilla\firefox\profiles\4n33fbbu.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\webzen\webzengamestarter\NPGameWebStarter.dll
FF - plugin: c:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: c:\users\nino\appdata\local\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-14 202752]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe [2009-5-14 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-5-14 121152]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~2\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 2297216]
R2 YahooAUService;Yahoo! Updater;c:\program files (x86)\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]
R3 AtiHdmiService;ATI Service for HD Audio Codec;c:\windows\system32\drivers\AtiHdmi.sys [2009-7-24 119312]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-11 389120]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-10-12 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x64.sys [2009-9-26 19432]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-6 25832]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-10-4 1038088]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;c:\program files (x86)\google\google desktop search\GoogleDesktop.exe [2009-9-30 30192]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-11-09 17:09:03 0 d-----w- C:\_OTL
2009-11-09 16:04:56 0 d-----w- C:\MGADiagToolOutput
2009-11-09 16:04:35 0 d-----w- c:\programdata\Office Genuine Advantage
2009-11-08 18:05:28 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2009-11-08 12:14:23 0 d-----w- c:\program files (x86)\CCleaner
2009-11-08 10:37:45 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-08 10:37:36 0 d-----w- c:\users\nino\appdata\roaming\SUPERAntiSpyware.com
2009-11-08 10:37:36 0 d-----w- c:\program files (x86)\SUPERAntiSpyware
2009-11-08 10:34:38 0 d-----w- c:\users\nino\appdata\roaming\Malwarebytes
2009-11-08 10:34:33 0 d-----w- c:\programdata\Malwarebytes
2009-11-08 10:34:32 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 20:55:06 0 d-----w- c:\program files\Mozilla Firefox
2009-11-06 19:47:36 0 d-----w- C:\Mp3 Output
2009-11-06 19:47:34 8676883 ----a-w- c:\windows\syswow64\mp3Media2.dll
2009-11-06 19:47:33 0 d-----w- c:\program files (x86)\Smallvideosoft
2009-11-06 19:37:07 0 d-----w- c:\program files (x86)\AV Music Morpher Gold
2009-11-06 14:23:01 0 d-----w- c:\windows\syswow64\AGEIA
2009-11-06 12:30:23 0 d-----w- c:\program files (x86)\Fort Zombie
2009-11-06 11:47:23 0 d-----w- c:\program files (x86)\Microsoft XNA
2009-11-06 10:16:28 193 ----a-w- c:\windows\WORDPAD.INI
2009-11-06 09:15:16 3969020 ----a-w- c:\users\nino\i miss you like crazy.flv
2009-11-06 05:49:00 126464 ----a-w- c:\users\nino\advpack.dll
2009-11-06 05:46:11 0 d-----w- c:\programdata\BioWare
2009-11-06 04:25:26 0 d-----w- c:\programdata\Media Center Programs
2009-11-06 04:15:54 0 d-----w- c:\program files (x86)\Dragon Age
2009-11-06 04:15:54 0 d-----w- c:\program files (x86)\common files\BioWare
2009-11-05 19:58:26 0 d-----w- c:\program files (x86)\WinPcap
2009-11-05 19:57:47 0 d-----w- c:\program files\Wireshark
2009-11-05 19:05:52 0 d-----w- c:\program files (x86)\IntenseRO
2009-11-05 12:10:35 0 d-----w- c:\users\nino\appdata\roaming\runic games
2009-11-04 14:31:41 0 d-----w- c:\program files (x86)\Runic Games
2009-11-03 16:17:22 0 d-----w- c:\users\nino\appdata\roaming\GameRanger
2009-11-03 03:02:28 5958656 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-01 09:20:47 0 d-----w- c:\users\nino\appdata\roaming\Canneverbe_Limited
2009-11-01 09:20:46 0 d-----w- c:\programdata\Canneverbe Limited
2009-10-31 14:24:33 37979 ----a-w- c:\users\nino\collegehumor.747135e7120318d63b798edce11fd98c.jpg
2009-10-31 07:49:55 68068 ----a-w- c:\users\nino\IRENE.jpg
2009-10-31 07:37:40 440113 ----a-w- c:\users\nino\IRENE.psd
2009-10-31 07:33:41 16515 ----a-w- c:\users\nino\8928_1046993871136_1714376789_89542_7524312_n.jpg
2009-10-29 12:02:45 0 d-----w- c:\program files (x86)\AMPED
2009-10-29 12:01:44 0 d-----w- c:\windows\Downloaded Installations
2009-10-27 17:29:29 0 d-----w- c:\program files (x86)\2K Games
2009-10-27 12:26:55 0 d-sh--w- c:\programdata\SecuROM
2009-10-26 20:25:24 0 d-----w- c:\program files (x86)\MagicISO
2009-10-26 18:46:44 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-10-25 17:45:44 442936570 ----a-w- c:\windows\MEMORY.DMP
2009-10-23 04:44:11 1431552 ----a-w- c:\users\nino\Dead Space Trainer V2.exe
2009-10-23 04:23:56 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2009-10-23 04:01:30 0 d-----w- c:\users\nino\appdata\roaming\Flock
2009-10-23 04:00:56 0 d-----w- c:\program files (x86)\Dead Space
2009-10-23 03:57:16 53616 ----a-w- c:\windows\syswow64\CMStarter_Kor.dll
2009-10-23 03:57:16 53616 ----a-w- c:\windows\syswow64\CMStarter_Eng.dll
2009-10-23 03:57:16 364912 ----a-w- c:\windows\syswow64\CMStarterCore.exe
2009-10-23 03:57:16 0 d-----w- c:\program files (x86)\WEBZEN
2009-10-23 03:56:08 0 d-----w- c:\program files (x86)\Flock
2009-10-23 03:42:39 983 ----a-w- c:\users\nino\Cheat Engine.lnk
2009-10-23 03:42:38 679936 ----a-w- c:\windows\syswow64\D3DX81ab.dll
2009-10-23 03:42:38 1970176 ----a-w- c:\windows\syswow64\d3dx9.dll
2009-10-23 03:42:36 0 d-----w- c:\program files (x86)\Cheat Engine
2009-10-23 03:18:27 0 d-----w- c:\windows\syswow64\directx
2009-10-22 22:20:27 0 d-----w- c:\program files\Webzen
2009-10-21 03:34:39 0 d-----w- c:\program files (x86)\OpenXML-ODF Translator
2009-10-20 20:50:44 0 d-----w- c:\program files (x86)\Microsoft
2009-10-20 20:46:43 0 d-----w- c:\program files (x86)\Classic Menu for Office
2009-10-20 20:46:35 691592 ----a-w- c:\windows\syswow64\OGACheckControl.DLL
2009-10-20 20:46:35 528744 ----a-w- c:\windows\syswow64\OGAVerify.exe
2009-10-20 20:46:35 502120 ----a-w- c:\windows\syswow64\OGAAddin.dll
2009-10-20 20:40:56 0 d-----w- c:\windows\PCHEALTH
2009-10-20 20:39:15 0 d-----w- c:\program files\Microsoft Office
2009-10-20 20:39:01 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2009-10-20 20:38:16 0 d-----w- c:\programdata\Microsoft Help
2009-10-20 18:20:12 105488 ----a-w- c:\windows\system32\Packet.dll
2009-10-20 18:20:06 96784 ----a-w- c:\windows\syswow64\Packet.dll
2009-10-20 18:19:58 369168 ----a-w- c:\windows\system32\wpcap.dll
2009-10-20 18:19:54 47632 ----a-w- c:\windows\system32\drivers\npf.sys
2009-10-20 18:19:54 281104 ----a-w- c:\windows\syswow64\wpcap.dll
2009-10-20 18:19:30 53299 ----a-w- c:\windows\syswow64\pthreadVC.dll
2009-10-20 14:15:16 2008480 ----a-w- c:\users\nino\RESIDENT EVIL 5 DX10 v1.0.0.129 + 15 Trainer.exe
2009-10-20 13:21:32 0 d-----w- c:\program files (x86)\CAPCOM
2009-10-20 13:20:23 0 d-----w- c:\windows\syswow64\xlive
2009-10-20 13:20:23 0 d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2009-10-17 21:45:22 0 d-----w- c:\program files (x86)\Mindware Studios
2009-10-16 19:46:29 0 d-----w- c:\users\nino\extract
2009-10-16 19:30:49 0 d-----w- C:\Perl64
2009-10-16 19:23:39 318 ----a-w- c:\windows\WPE PRO.INI
2009-10-16 19:21:25 0 d-----w- c:\users\nino\RO Priv ID
2009-10-16 04:01:34 0 d-----w- c:\users\nino\openkore_ready
2009-10-15 15:23:56 0 d-----w- c:\program files (x86)\Gravity
2009-10-15 15:23:33 65536 ----a-w- c:\windows\IFinst27.exe
2009-10-14 11:14:19 0 d-----w- c:\program files (x86)\MPGHARMIT
2009-10-14 02:45:14 0 d-----w- c:\program files\Gravity
2009-10-13 17:55:31 311808 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-13 17:55:31 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-10-13 17:55:25 0 d-----w- c:\program files (x86)\MSXML 4.0
2009-10-13 17:53:03 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-10-13 17:52:57 46592 ----a-w- c:\windows\system32\msasn1.dll
2009-10-13 17:52:57 34816 ----a-w- c:\windows\syswow64\msasn1.dll
2009-10-11 04:14:28 1908 ----a-w- c:\windows\diagwrn.xml
2009-10-11 04:14:28 1908 ----a-w- c:\windows\diagerr.xml
2009-10-11 02:46:03 72200 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-10-11 02:46:03 513544 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-10-11 02:46:02 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-10-11 02:46:02 238088 ----a-w- c:\windows\syswow64\xactengine3_2.dll
2009-10-11 02:46:02 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-10-11 02:46:02 177672 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-10-11 02:46:01 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-10-11 02:40:10 0 d-----w- c:\program files (x86)\Codemasters

==================== Find3M ====================

2009-11-08 12:02:25 174 --sh--w- c:\program files (x86)\desktop.ini
2009-11-02 12:42:06 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-10-12 15:25:15 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2009-10-10 00:18:29 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-10-09 03:07:40 109056 ----a-w- c:\users\nino\risen_v1.0.94946_trn+4.exe
2009-10-03 12:06:35 107008 ----a-w- c:\users\nino\Risen_V1.0_Plus_36_Trainer_By_KelSat.exe
2009-10-02 04:32:07 982600 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-10-01 06:58:43 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-10-01 06:58:43 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-09-30 14:50:06 245248 ----a-w- c:\users\nino\HoN_ModMan.exe
2009-09-26 19:24:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-26 19:23:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-09-26 18:33:18 871408 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-26 15:24:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-09-26 12:34:28 106496 ----a-w- c:\windows\syswow64\ATL71.DLL
2009-09-25 14:06:45 50688 ----a-w- c:\windows\syswow64\wbhelp2.dll
2009-09-25 13:41:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-09-04 09:44:42 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 09:44:40 69464 ----a-w- c:\windows\syswow64\XAPOFX1_3.dll
2009-09-04 09:44:40 517960 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 09:44:40 515416 ----a-w- c:\windows\syswow64\XAudio2_5.dll
2009-09-04 09:44:40 238936 ----a-w- c:\windows\syswow64\xactengine3_5.dll
2009-09-04 09:44:40 176968 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 09:29:34 453456 ----a-w- c:\windows\syswow64\d3dx10_42.dll
2009-09-04 09:29:34 235344 ----a-w- c:\windows\syswow64\d3dx11_42.dll
2009-09-04 09:29:32 5501792 ----a-w- c:\windows\syswow64\d3dcsx_42.dll
2009-09-04 09:29:32 1974616 ----a-w- c:\windows\syswow64\D3DCompiler_42.dll
2009-09-04 09:29:30 1892184 ----a-w- c:\windows\syswow64\D3DX9_42.dll
2009-09-04 09:29:24 5554512 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 09:29:24 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 09:29:24 285024 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 09:29:22 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 09:29:20 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-03 07:36:39 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
2009-09-03 07:04:15 1320960 ----a-w- c:\windows\syswow64\CertEnroll.dll
2009-08-29 07:45:05 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-29 06:59:32 11406336 ----a-w- c:\windows\syswow64\wmp.dll
2009-08-29 06:54:52 12625408 ----a-w- c:\windows\syswow64\wmploc.DLL
2009-08-17 15:33:52 1193832 ----a-w- c:\windows\syswow64\FM20.DLL
2009-08-14 05:36:18 70936 ----a-w- c:\windows\syswow64\PhysXLoader.dll
2009-08-14 02:16:22 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-08-14 02:16:12 433152 ----a-w- c:\windows\system32\atieclxx.exe
2009-08-14 02:15:40 202752 ----a-w- c:\windows\system32\atiesrxx.exe
2009-08-14 02:14:22 120320 ----a-w- c:\windows\system32\atitmm64.dll
2009-08-14 02:14:04 421888 ----a-w- c:\windows\system32\atipdl64.dll
2009-08-14 02:13:56 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2009-08-14 02:13:42 274432 ----a-w- c:\windows\syswow64\Oemdspif.dll
2009-08-14 02:13:36 12288 ----a-w- c:\windows\system32\atimuixx.dll
2009-08-14 02:13:30 59392 ----a-w- c:\windows\system32\atiedu64.dll
2009-08-14 02:13:26 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2009-08-14 02:10:40 2896896 ----a-w- c:\windows\syswow64\atidxx32.dll
2009-08-14 02:06:56 16667136 ----a-w- c:\windows\system32\atio6axx.dll
2009-08-14 02:03:20 3441664 ----a-w- c:\windows\system32\atidxx64.dll
2009-08-14 01:55:20 3578368 ----a-w- c:\windows\syswow64\atiumdag.dll
2009-08-14 01:49:38 4629504 ----a-w- c:\windows\system32\atiumd64.dll
2009-08-14 01:44:36 12916224 ----a-w- c:\windows\syswow64\atioglxx.dll
2009-08-14 01:43:26 2491392 ----a-w- c:\windows\system32\atiumd6a.dll
2009-08-14 01:37:32 2829824 ----a-w- c:\windows\syswow64\atiumdva.dll
2009-08-14 01:25:28 53248 ----a-w- c:\windows\system32\atimpc64.dll
2009-08-14 01:25:28 53248 ----a-w- c:\windows\system32\amdpcom64.dll
2009-08-14 01:25:22 52224 ----a-w- c:\windows\syswow64\atimpc32.dll
2009-08-14 01:25:22 52224 ----a-w- c:\windows\syswow64\amdpcom32.dll
2009-08-14 01:24:58 287744 ----a-w- c:\windows\system32\atiadlxx.dll
2009-08-14 01:24:50 200704 ----a-w- c:\windows\syswow64\atiadlxy.dll
2009-08-14 01:22:44 48640 ----a-w- c:\windows\system32\aticalrt64.dll
2009-08-14 01:22:40 53248 ----a-w- c:\windows\syswow64\aticalrt.dll
2009-08-14 01:22:28 41984 ----a-w- c:\windows\system32\aticalcl64.dll
2009-08-14 01:22:26 53248 ----a-w- c:\windows\syswow64\aticalcl.dll
2009-08-14 01:22:12 4564480 ----a-w- c:\windows\system32\aticaldd64.dll
2009-08-14 01:21:16 3481600 ----a-w- c:\windows\syswow64\aticaldd.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 1:21:43.44 ===============

OTL:
OTL logfile created on: 11/10/2009 1:15:41 AM - Run 2
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Nino\Desktop\AV
64bit- Ultimate Edition Service Pack 2 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00003409 | Country: Philippines | Language: ENP | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 241.52 Gb Free Space | 40.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NINO-PC
Current User Name: Nino
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/08 23:08:12 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Nino\Desktop\AV\OTL.exe
PRC - [2009/11/07 15:36:23 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
PRC - [2009/11/07 05:54:57 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/07 05:54:57 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/07 05:54:57 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/07 05:54:57 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/07 05:54:57 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/07 05:54:57 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/12 21:24:50 | 02,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/10/12 21:24:50 | 02,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/10/12 21:24:50 | 02,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/10/12 00:39:50 | 02,803,200 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files (x86)\DAP\DAP.exe
PRC - [2009/10/12 00:39:50 | 02,803,200 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files (x86)\DAP\DAP.exe
PRC - [2009/10/02 22:43:50 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2009/09/30 02:26:46 | 00,030,192 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/09/25 22:19:00 | 01,435,240 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
PRC - [2009/09/25 22:19:00 | 00,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2009/09/25 22:19:00 | 00,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2009/09/25 22:19:00 | 00,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2009/09/24 21:06:06 | 05,145,912 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/06 13:38:06 | 00,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/06 13:38:06 | 00,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/06 13:38:06 | 00,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/07/20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/14 09:14:38 | 01,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/04/23 21:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
PRC - [2009/02/24 17:00:26 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/02/23 21:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/11/10 04:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/10 04:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/10 04:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/10 04:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/10 04:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/10 04:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/10 04:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/10 04:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/09/02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (SafeList) ==========

MOD - [2009/11/08 23:08:12 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Nino\Desktop\AV\OTL.exe
MOD - [2009/07/20 04:00:00 | 00,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll
MOD - [2009/07/20 04:00:00 | 00,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2009/07/14 09:16:17 | 01,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009/07/14 09:16:17 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009/07/14 09:16:15 | 00,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009/07/14 09:16:15 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2009/07/14 09:14:57 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/07/14 09:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/11 05:23:11 | 00,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2007/09/02 13:57:36 | 00,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/04 03:38:10 | 01,038,088 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/09/21 16:36:16 | 00,660,256 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:64bit: - [2009/08/14 10:15:40 | 00,202,752 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/20 12:36:14 | 00,160,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 09:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/14 09:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/14 09:41:56 | 00,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 09:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/14 09:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 09:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/14 09:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/14 09:41:53 | 01,361,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 09:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/14 09:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/14 09:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/14 09:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/14 09:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/14 09:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/14 09:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/14 09:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 09:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/14 09:40:24 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 09:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/14 09:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/14 09:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/14 09:40:01 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 09:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/14 09:39:56 | 01,525,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2009/07/14 09:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/14 09:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/14 09:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/05/14 15:54:26 | 00,023,296 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/03/30 17:19:56 | 02,297,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/10/21 02:19:48 | 00,117,264 | ---- | M] (CACE Technologies, Inc.) -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/10/04 03:38:06 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/30 02:26:46 | 00,030,192 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-090809-085438)
SRV - [2009/09/25 22:19:00 | 00,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/09/06 13:38:06 | 00,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/09/04 02:51:00 | 03,347,280 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/26 06:43:14 | 00,025,832 | ---- | M] (BioWare) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/14 11:20:14 | 00,000,000 | ---D | M] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/14 11:20:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/14 09:39:09 | 00,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2009/07/14 09:39:09 | 00,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/14 09:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 09:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 04:30:11 | 00,061,056 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/11 05:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/11 04:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/11 04:30:59 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/11 04:30:45 | 00,856,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/10 04:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/10/21 02:19:54 | 00,047,632 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/10/01 14:58:43 | 00,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/10/01 14:58:43 | 00,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/09/28 21:57:28 | 00,005,504 | ---- | M] () -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009/09/27 02:33:18 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/14 12:30:12 | 06,201,856 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 14:49:00 | 00,119,312 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/14 09:52:21 | 00,106,576 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 09:52:21 | 00,028,752 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 09:52:20 | 00,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 00,153,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/07/14 09:48:04 | 00,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:48:04 | 00,014,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/14 09:47:49 | 00,055,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/14 09:47:48 | 00,077,888 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 09:45:56 | 00,022,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/14 09:45:55 | 00,217,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/14 09:45:55 | 00,200,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 09:45:55 | 00,046,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 09:45:55 | 00,036,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/14 09:45:55 | 00,034,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 09:45:55 | 00,024,656 | ---- | M] (Promise Technology) -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 09:45:46 | 00,214,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/14 09:45:45 | 00,050,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/14 09:43:14 | 00,460,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/14 09:43:13 | 00,223,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/14 08:17:46 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/14 08:16:35 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/14 08:10:24 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn)
DRV:64bit: - [2009/07/14 08:09:26 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/14 08:08:13 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/14 08:07:21 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/14 08:07:13 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/14 08:07:00 | 00,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/14 08:06:52 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/14 08:06:28 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/14 08:06:24 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/14 08:05:37 | 00,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/14 08:02:08 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/14 08:00:34 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/14 08:00:13 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/14 07:52:39 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/14 07:50:17 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/14 07:42:58 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 07:42:44 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 07:37:18 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/14 07:31:06 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/14 07:31:03 | 00,017,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/14 07:27:17 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/14 07:24:27 | 00,514,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/14 07:19:25 | 00,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/18 00:54:30 | 00,057,872 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/18 00:54:22 | 00,055,312 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/11 04:35:33 | 00,389,120 | ---- | M] (Marvell) -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/11 04:34:33 | 03,286,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 00,468,480 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 00,270,848 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 00,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 00,034,152 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 15:49:56 | 00,121,152 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/05/14 15:47:16 | 00,134,024 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/05/14 15:41:14 | 00,142,776 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/03/27 01:23:54 | 00,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2008/06/27 07:51:10 | 00,088,632 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009/10/12 21:24:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/12 21:24:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/12 21:24:52 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/28 21:57:28 | 00,007,168 | ---- | M] () -- C:\Windows\SysWOW64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/25 21:03:39 | 00,000,000 | ---D | M] -- C:\Windows\CSC -- (CSC)
DRV - [2009/07/14 09:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 09:16:19 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/14 09:16:02 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/11 05:28:14 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/11 05:15:18 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\drivers\adfs.sys -- (adfs)
DRV - [2004/12/31 05:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ph
IE - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F 70 D7 06 E2 3D CA 01 [binary data]
IE - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\S-1-5-21-738084018-3835902901-3163185614-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: betterflickr@ginatrapani.org:0.4.1
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:0.9.5
FF - prefs.js..extensions.enabledItems: betteryoutube@ginatrapani.org:0.4.3
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:9.8.6
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.4
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.1.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.0.0.20090707075511
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="


FF - HKLM\software\mozilla\Flock 2.5.2\extensions\\Components: C:\Program Files (x86)\Flock\components [2009/10/23 12:01:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.2\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2009/10/23 11:56:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/07 05:54:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/07 05:54:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/09/26 03:23:41 | 00,000,000 | ---D | M]

[2009/10/23 12:01:37 | 00,000,000 | ---D | M] -- C:\Users\Nino\AppData\Roaming\Mozilla\Extensions
[2009/10/23 12:01:37 | 00,000,000 | ---D | M] -- C:\Users\Nino\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2009/09/25 21:27:52 | 00,000,000 | ---D | M] -- C:\Users\Nino\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/30 07:19:33 | 00,000,000 | ---D | M] -- C:\Users\Nino\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/09 02:27:35 | 00,000,000 | ---D | M] -- C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\4n33fbbu.default\extensions
[2009/10/20 20:51:11 | 00,000,000 | ---D | M] -- C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\4n33fbbu.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/09/25 21:34:53 | 00,000,000 | ---D | M] -- C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\4n33fbbu.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2009/09/25 22:03:26 | 00,000,000 | ---D | M] -- C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\4n33fbbu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/27 00:16:06 | 00,000,000 | ---D | M] -- C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\4n33fbbu.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/10/30 03:21:48 | 00,000,000 | ---D | M] -- C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\4n33fbbu.default\extensions\betterflickr@ginatrapani.org
[2009/09/25 21:34:53 | 00,000,000 | ---D | M] -- C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\4n33fbbu.default\extensions\bettergmail2@ginatrapani.org
[2009/09/25 21:34:53 | 00,000,000 | ---D | M] -- C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\4n33fbbu.default\extensions\betteryoutube@ginatrapani.org
[2009/09/25 21:34:53 | 00,000,000 | ---D | M] -- C:\Users\Nino\AppData\Roaming\Mozilla\Firefox\Profiles\4n33fbbu.default\extensions\lazarus@interclue.com
[2009/11/09 02:27:35 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/11/07 05:54:58 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/27 23:36:56 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/09/30 02:32:40 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/07 05:54:57 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/07 05:54:57 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/30 02:27:00 | 00,119,808 | ---- | M] (Google) -- C:\Program Files (x86)\Mozilla Firefox\components\GoogleDesktopMozilla.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/07 05:54:57 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/10/03 00:11:23 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2009/10/03 00:11:23 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/10/03 00:11:23 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/10/03 00:11:23 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/10/03 00:11:23 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/10/03 00:11:23 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/10/03 00:11:23 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/08/25 02:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/25 02:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/08/25 02:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/25 02:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/25 02:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/09/30 02:27:00 | 00,002,020 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\googledesktop.xml
[2009/08/25 02:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/25 02:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000..\Run: [DownloadAccelerator] C:\Program Files (x86)\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000..\Run: [SpeedBitVideoAccelerator] C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
O4 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Nino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptbehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptbehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCpl = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCpl = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-738084018-3835902901-3163185614-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 58.69.254.4 58.69.254.196 124.104.135.73
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\A\Shell\explore\Command - "" = "%1" %*
O33 - MountPoints2\B\Shell\explore\Command - "" = "%1" %*
O33 - MountPoints2\C\Shell\explore\Command - "" = "%1" %*
O33 - MountPoints2\D\Shell\explore\Command - "" = "%1" %*
O33 - MountPoints2\E\Shell\explore\Command - "" = "%1" %*
O33 - MountPoints2\F\Shell\explore\Command - "" = "%1" %*
O33 - MountPoints2\G\Shell\explore\Command - "" = "%1" %*
O33 - MountPoints2\H\Shell\explore\Command - "" = "%1" %*
O33 - MountPoints2\I\Shell\explore\Command - "" = "%1" %*
O33 - MountPoints2\J\Shell\explore\Command - "" = "%1" %*
O33 - MountPoints2\K\Shell\explore\Command - "" = "%1" %*
O33 - MountPoints2\L\Shell\explore\Command - "" = "%1" %*
O33 - MountPoints2\M\Shell\explore\Command - "" = "%1" %*
O33 - MountPoints2\N\Shell\explore\Command - "" = "%1" %*
O33 - MountPoints2\O\Shell\explore\Command - "" = "%1" %*
O33 - MountPoints2\P\Shell\explore\Command - "" = "%1" %*
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/10 01:12:26 | 00,000,000 | ---D | C] -- C:\Users\Nino\Desktop\AV
[2009/11/10 01:09:03 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/10 00:24:02 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Runic
[2009/11/10 00:04:56 | 00,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2009/11/10 00:04:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/11/10 00:04:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/11/09 02:05:30 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/11/09 02:05:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/11/09 00:26:49 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/09 00:26:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/11/08 22:05:01 | 00,080,896 | ---- | C] (KelSat Presents) -- C:\Users\Nino\Desktop\Torchlight_V1.0_Plus_10_Trainer_By_KelSat.exe
[2009/11/08 20:14:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2009/11/08 18:37:45 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/11/08 18:37:45 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/11/08 18:37:36 | 00,000,000 | ---D | C] -- C:\Users\Nino\AppData\Roaming\SUPERAntiSpyware.com
[2009/11/08 18:37:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2009/11/08 18:34:38 | 00,000,000 | ---D | C] -- C:\Users\Nino\AppData\Roaming\Malwarebytes
[2009/11/08 18:34:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/08 18:34:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/08 18:34:32 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/11/08 04:55:06 | 00,000,000 | ---D | C] -- C:\Users\Nino\AppData\Roaming\Opera
[2009/11/08 04:55:06 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/11/07 03:56:12 | 00,000,000 | ---D | C] -- C:\Users\Nino\AppData\Local\AVNEX_Ltd._(CY)
[2009/11/07 03:47:36 | 00,000,000 | ---D | C] -- C:\Mp3 Output
[2009/11/07 03:47:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Smallvideosoft
[2009/11/07 03:37:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AV Music Morpher Gold
[2009/11/06 23:21:08 | 00,000,000 | ---D | C] -- C:\Users\Nino\Documents\Fort Zombie Saved Games
[2009/11/06 22:23:01 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2009/11/06 22:23:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2009/11/06 20:35:53 | 00,000,000 | ---D | C] -- C:\Users\Nino\AppData\Local\Kerberos_Productions
[2009/11/06 20:30:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Fort Zombie
[2009/11/06 19:47:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2009/11/06 13:49:00 | 00,126,464 | ---- | C] (Microsoft Corporation) -- C:\Users\Nino\advpack.dll
[2009/11/06 13:46:12 | 00,000,000 | ---D | C] -- C:\Users\Nino\Documents\BioWare
[2009/11/06 13:46:11 | 00,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2009/11/06 13:46:11 | 00,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2009/11/06 12:25:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2009/11/06 12:25:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2009/11/06 12:15:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Dragon Age
[2009/11/06 12:15:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2009/11/06 03:58:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2009/11/06 03:57:47 | 00,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2009/11/06 03:05:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\IntenseRO
[2009/11/05 20:10:35 | 00,000,000 | ---D | C] -- C:\Users\Nino\AppData\Roaming\runic games
[2009/11/04 22:31:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
[2009/11/04 14:37:42 | 00,000,000 | ---D | C] -- C:\Users\Nino\Desktop\Gibbed
[2009/11/04 00:17:22 | 00,000,000 | ---D | C] -- C:\Users\Nino\AppData\Roaming\GameRanger
[2009/11/03 11:02:29 | 09,272,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/11/03 11:02:28 | 05,958,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/11/02 12:52:10 | 00,000,000 | ---D | C] -- C:\Users\Nino\Documents\NFS SHIFT
[2009/11/01 17:20:47 | 00,000,000 | ---D | C] -- C:\Users\Nino\AppData\Roaming\Canneverbe_Limited
[2009/11/01 17:20:46 | 00,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2009/11/01 17:20:46 | 00,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2009/10/29 20:02:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AMPED
[2009/10/29 20:01:44 | 00,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2009/10/28 15:07:53 | 00,091,136 | ---- | C] (KelSat Presents) -- C:\Users\Nino\Desktop\Borderlands_V1.0_Plus_10_Trainer_By_KelSat.exe
[2009/10/28 01:29:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2009/10/27 20:26:55 | 00,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2009/10/27 20:26:55 | 00,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2009/10/27 04:25:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2009/10/27 02:46:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2009/10/26 01:45:47 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/10/23 13:44:12 | 00,000,000 | ---D | C] -- C:\Users\Nino\Desktop\OpenKore
[2009/10/23 12:44:11 | 01,431,552 | ---- | C] (CheatHappens) -- C:\Users\Nino\Dead Space Trainer V2.exe
[2009/10/23 12:24:08 | 00,000,000 | ---D | C] -- C:\Users\Nino\AppData\Local\Electronic Arts
[2009/10/23 12:24:00 | 00,000,000 | ---D | C] -- C:\Users\Nino\Documents\Electronic Arts
[2009/10/23 12:23:56 | 00,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2009/10/23 12:01:30 | 00,000,000 | ---D | C] -- C:\Users\Nino\AppData\Roaming\Flock
[2009/10/23 12:01:30 | 00,000,000 | ---D | C] -- C:\Users\Nino\AppData\Local\Flock
[2009/10/23 12:00:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Dead Space
[2009/10/23 11:57:16 | 00,364,912 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarterCore.exe
[2009/10/23 11:57:16 | 00,053,616 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarter_Kor.dll
[2009/10/23 11:57:16 | 00,053,616 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarter_Eng.dll
[2009/10/23 11:57:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WEBZEN
[2009/10/23 11:56:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Flock
[2009/10/23 11:42:38 | 00,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\SysWow64\D3DX81ab.dll
[2009/10/23 11:42:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine
[2009/10/23 11:33:50 | 00,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2009/10/23 11:33:50 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2009/10/23 11:33:50 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2009/10/23 11:33:50 | 00,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2009/10/23 11:33:50 | 00,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2009/10/23 11:33:50 | 00,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2009/10/23 11:33:49 | 02,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2009/10/23 11:33:49 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2009/10/23 11:33:48 | 05,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2009/10/23 11:33:48 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2009/10/23 11:33:48 | 00,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2009/10/23 11:33:48 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2009/10/23 11:33:48 | 00,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2009/10/23 11:33:48 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2009/10/23 11:33:47 | 02,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2009/10/23 11:33:47 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2009/10/23 11:18:27 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2009/10/23 06:20:27 | 00,000,000 | ---D | C] -- C:\Program Files\Webzen
[2009/10/21 11:34:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\OpenXML-ODF Translator
[2009/10/21 04:50:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2009/10/21 04:46:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Classic Menu for Office
[2009/10/21 04:46:35 | 00,502,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OGAAddin.dll
[2009/10/21 04:41:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2009/10/21 04:41:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2009/10/21 04:41:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2009/10/21 04:40:56 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/10/21 04:40:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2009/10/21 04:39:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/10/21 04:39:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2009/10/21 04:38:19 | 00,000,000 | ---D | C] -- C:\Users\Nino\AppData\Local\Microsoft Help
[2009/10/21 04:38:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2009/10/21 04:38:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2009/10/21 04:38:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2009/10/21 04:37:22 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/10/21 02:20:12 | 00,105,488 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\Packet.dll
[2009/10/21 02:20:06 | 00,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\Packet.dll
[2009/10/21 02:19:58 | 00,369,168 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\wpcap.dll
[2009/10/21 02:19:54 | 00,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll
[2009/10/21 02:19:54 | 00,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2009/10/21 00:49:24 | 00,000,000 | ---D | C] -- C:\Users\Nino\Documents\CAPCOM
[2009/10/20 22:19:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/10/20 22:15:16 | 02,008,480 | ---- | C] (www.sicheats.com) -- C:\Users\Nino\RESIDENT EVIL 5 DX10 v1.0.0.129 + 15 Trainer.exe
[2009/10/20 21:44:25 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/10/20 21:21:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CAPCOM
[2009/10/20 21:20:23 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2009/10/20 21:20:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2009/10/19 22:00:04 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/10/18 06:02:37 | 00,000,000 | -HSD | C] -- C:\Users\Nino\AppData\Local\.#
[2009/10/18 06:02:13 | 00,000,000 | ---D | C] -- C:\Users\Nino\Documents\Aspyr
[2009/10/18 05:45:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mindware Studios
[2009/10/17 03:46:29 | 00,000,000 | ---D | C] -- C:\Users\Nino\extract
[2009/10/17 03:30:49 | 00,000,000 | ---D | C] -- C:\Perl64
[2009/10/17 03:21:25 | 00,000,000 | ---D | C] -- C:\Users\Nino\RO Priv ID
[2009/10/16 16:36:35 | 14,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2009/10/16 16:36:32 | 11,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/16 16:36:30 | 01,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2009/10/16 16:36:30 | 01,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2009/10/16 16:36:30 | 00,982,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgkrnl.sys
[2009/10/16 16:36:29 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/10/16 16:36:29 | 02,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2009/10/16 16:36:29 | 00,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2009/10/16 16:36:29 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2009/10/16 16:36:29 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2009/10/16 16:36:29 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2009/10/16 16:36:29 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2009/10/16 16:36:29 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2009/10/16 16:36:28 | 12,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2009/10/16 16:36:28 | 12,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/10/16 12:01:34 | 00,000,000 | ---D | C] -- C:\Users\Nino\openkore_ready
[2009/10/15 23:23:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Gravity
[2009/10/14 19:14:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MPGHARMIT
[2009/10/14 10:45:14 | 00,000,000 | ---D | C] -- C:\Program Files\Gravity
[2009/10/14 01:55:31 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll
[2009/10/14 01:55:31 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/14 01:55:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2009/10/14 01:53:03 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009/10/14 01:53:03 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/10/14 01:52:57 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2009/10/14 01:52:57 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009/10/11 11:59:01 | 00,000,000 | ---D | C] -- C:\Users\Nino\Documents\My Games
[2009/10/11 10:46:03 | 00,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2009/10/11 10:46:03 | 00,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2009/10/11 10:46:02 | 01,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2009/10/11 10:46:02 | 00,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2009/10/11 10:46:02 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2009/10/11 10:46:02 | 00,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2009/10/11 10:46:01 | 04,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2009/10/11 10:40:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Codemasters

========== Files - Modified Within 30 Days ==========

[2009/11/10 01:16:19 | 00,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/10 01:16:19 | 00,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/10 01:14:59 | 00,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/10 01:14:59 | 00,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/10 01:14:59 | 00,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/10 01:11:32 | 02,097,152 | -HS- | M] () -- C:\Users\Nino\NTUSER.DAT
[2009/11/10 01:10:45 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/10 01:10:36 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/10 01:10:34 | 53,622,3743 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/10 01:09:44 | 02,632,936 | -H-- | M] () -- C:\Users\Nino\AppData\Local\IconCache.db
[2009/11/09 00:51:38 | 00,003,283 | ---- | M] () -- C:\Users\Nino\Documents\Attach.zip
[2009/11/09 00:26:33 | 00,001,104 | ---- | M] () -- C:\Users\Nino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/08 20:03:44 | 44,293,6570 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/08 20:02:25 | 00,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2009/11/06 20:31:24 | 00,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Fort Zombie.lnk
[2009/11/06 18:16:28 | 00,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2009/11/06 17:15:43 | 03,969,020 | ---- | M] () -- C:\Users\Nino\i miss you like crazy.flv
[2009/11/06 12:25:23 | 00,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Age Origins.lnk
[2009/11/06 03:06:13 | 00,065,536 | ---- | M] () -- C:\Windows\IFinst27.exe
[2009/11/04 00:17:34 | 00,001,068 | ---- | M] () -- C:\Users\Nino\Desktop\GameRanger.lnk
[2009/11/02 20:42:06 | 00,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe
[2009/11/02 10:17:18 | 00,389,120 | ---- | M] () -- C:\Users\Nino\Desktop\brew-bl.exe
[2009/10/31 22:24:35 | 00,037,979 | ---- | M] () -- C:\Users\Nino\collegehumor.747135e7120318d63b798edce11fd98c.jpg
[2009/10/31 15:49:57 | 00,068,068 | ---- | M] () -- C:\Users\Nino\IRENE.jpg
[2009/10/31 15:49:44 | 00,440,113 | ---- | M] () -- C:\Users\Nino\IRENE.psd
[2009/10/31 15:33:41 | 00,016,515 | ---- | M] () -- C:\Users\Nino\8928_1046993871136_1714376789_89542_7524312_n.jpg
[2009/10/28 00:43:44 | 00,080,896 | ---- | M] (KelSat Presents) -- C:\Users\Nino\Desktop\Torchlight_V1.0_Plus_10_Trainer_By_KelSat.exe
[2009/10/27 11:42:59 | 00,091,136 | ---- | M] (KelSat Presents) -- C:\Users\Nino\Desktop\Borderlands_V1.0_Plus_10_Trainer_By_KelSat.exe
[2009/10/27 04:43:23 | 42,719,87476 | ---- | M] () -- C:\Users\Nino\Documents\win7.UIF
[2009/10/23 12:23:56 | 00,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2009/10/23 11:42:39 | 00,000,983 | ---- | M] () -- C:\Users\Nino\Cheat Engine.lnk
[2009/10/21 16:34:19 | 03,017,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/10/21 14:59:18 | 00,108,840 | ---- | M] () -- C:\Users\Nino\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/21 04:43:23 | 00,000,478 | ---- | M] () -- C:\Windows\win.ini
[2009/10/21 02:20:12 | 00,105,488 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\Packet.dll
[2009/10/21 02:20:06 | 00,096,784 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\Packet.dll
[2009/10/21 02:19:58 | 00,369,168 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\wpcap.dll
[2009/10/21 02:19:54 | 00,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll
[2009/10/21 02:19:54 | 00,047,632 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2009/10/21 02:19:30 | 00,053,299 | ---- | M] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/10/19 22:46:09 | 09,272,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/10/19 22:10:10 | 05,958,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/17 03:27:02 | 00,000,318 | ---- | M] () -- C:\Windows\WPE PRO.INI
[2009/10/15 23:23:28 | 00,000,695 | ---- | M] () -- C:\Users\Nino\AppData\Roaming\kalypte-user.ini
[2009/10/12 23:25:15 | 00,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/10/12 23:25:15 | 00,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/10/11 12:14:31 | 00,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009/10/11 12:14:31 | 00,001,908 | ---- | M] () -- C:\Windows\diagerr.xml

========== Files Created - No Company Name ==========

[2009/11/09 00:51:38 | 00,003,283 | ---- | C] () -- C:\Users\Nino\Documents\Attach.zip
[2009/11/09 00:26:33 | 00,001,104 | ---- | C] () -- C:\Users\Nino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/07 03:47:34 | 08,676,883 | ---- | C] () -- C:\Windows\SysWow64\mp3Media2.dll
[2009/11/06 20:31:24 | 00,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Fort Zombie.lnk
[2009/11/06 18:16:28 | 00,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/11/06 17:15:16 | 03,969,020 | ---- | C] () -- C:\Users\Nino\i miss you like crazy.flv
[2009/11/06 12:25:23 | 00,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Age Origins.lnk
[2009/11/04 14:37:55 | 00,389,120 | ---- | C] () -- C:\Users\Nino\Desktop\brew-bl.exe
[2009/11/04 00:17:34 | 00,001,068 | ---- | C] () -- C:\Users\Nino\Desktop\GameRanger.lnk
[2009/10/31 22:24:33 | 00,037,979 | ---- | C] () -- C:\Users\Nino\collegehumor.747135e7120318d63b798edce11fd98c.jpg
[2009/10/31 15:49:55 | 00,068,068 | ---- | C] () -- C:\Users\Nino\IRENE.jpg
[2009/10/31 15:37:40 | 00,440,113 | ---- | C] () -- C:\Users\Nino\IRENE.psd
[2009/10/31 15:33:41 | 00,016,515 | ---- | C] () -- C:\Users\Nino\8928_1046993871136_1714376789_89542_7524312_n.jpg
[2009/10/27 04:30:08 | 42,719,87476 | ---- | C] () -- C:\Users\Nino\Documents\win7.UIF
[2009/10/27 02:46:44 | 00,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009/10/27 02:46:44 | 00,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys
[2009/10/26 01:45:44 | 44,293,6570 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/10/23 11:42:39 | 00,000,983 | ---- | C] () -- C:\Users\Nino\Cheat Engine.lnk
[2009/10/23 11:42:38 | 01,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2009/10/21 04:46:35 | 00,691,592 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2009/10/21 04:46:35 | 00,528,744 | ---- | C] () -- C:\Windows\SysWow64\OGAVerify.exe
[2009/10/21 02:19:30 | 00,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/10/17 03:23:39 | 00,000,318 | ---- | C] () -- C:\Windows\WPE PRO.INI
[2009/10/15 23:23:33 | 00,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2009/10/11 12:14:28 | 00,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2009/10/11 12:14:28 | 00,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2009/10/10 05:35:12 | 00,000,695 | ---- | C] () -- C:\Users\Nino\AppData\Roaming\kalypte-user.ini
[2009/09/26 23:27:56 | 00,000,000 | ---- | C] () -- C:\Windows\ViewNX.INI
[2009/09/26 20:46:45 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Funk Animals
[2009/09/26 20:46:45 | 00,000,268 | RH-- | C] () -- C:\Users\Nino\AppData\Roaming\Fonts
[2009/09/26 20:46:45 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/09/26 20:46:45 | 00,000,012 | RH-- | C] () -- C:\ProgramData\Guides
[2009/09/26 20:34:30 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Frameworks
[2009/09/26 20:34:30 | 00,000,268 | RH-- | C] () -- C:\Users\Nino\AppData\Roaming\Folder Actions Handlers
[2009/09/26 20:34:30 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/09/26 20:34:30 | 00,000,012 | RH-- | C] () -- C:\ProgramData\Generic
[2009/09/25 22:19:40 | 02,632,936 | -H-- | C] () -- C:\Users\Nino\AppData\Local\IconCache.db
[2009/09/25 21:15:48 | 00,108,840 | ---- | C] () -- C:\Users\Nino\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/07 19:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/08/03 00:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 13:32:39 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/14 13:32:39 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 13:32:39 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 13:32:39 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 12:54:24 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2009/07/14 10:34:57 | 00,000,478 | ---- | C] () -- C:\Windows\win.ini
[2009/07/14 10:34:57 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/07/14 07:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 05:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D74B6CF5
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A9662AE0
< End of report >

#19 SomeoneSomewhere

  • Full Member
  • Group: Member+
  • Posts: 13
  • Joined: 08-November 09

Posted 09 November 2009 - 05:25 PM

how come OTL says i have 4.00gb of total physical mem? o_O
i have 3 sticks of 2gb each on my system and even other diag apps detect all my 6.00gb

#20 Extremeboy

  • Da 247 Malware Disintegrator Instructor
  • Group: Academy Instructor
  • Posts: 2521
  • Joined: 19-February 09
  • Gender:Male

Posted 09 November 2009 - 05:43 PM

Hello.

How's your computer running now? What problems do you still have? Please give me an update in your next reply.


Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow users to share files, as the name(s) suggest. In today's world cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology".

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

--
I also suggest you disable autorun in Windows 7 if you have not already done so: http://www.addictive...y-in-windows-7/

Run SystemLook

  • Double-click SystemLook.exe to run it. (If you are using Vista, please right-click and select Run as administrator.)
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File":
    :file
    C:\Windows\SysWow64\conhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWow64\mctadmin.exe
    C:\Windows\system32\mctadmin.exe
    

  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while, from several seconds to a minute or more, depending on the number of files you have and how fast your computer can perform the task.


#21 Extremeboy

  • Da 247 Malware Disintegrator Instructor
  • Group: Academy Instructor
  • Posts: 2521
  • Joined: 19-February 09
  • Gender:Male

Posted 09 November 2009 - 05:51 PM

SomeoneSomewhere, on 09 November 2009 - 12:25 PM, said:

how come OTL says i have 4.00gb of total physical mem? o_O
i have 3 sticks of 2gb each on my system and even other diag apps detect all my 6.00gb

The physical memory is the total physical memory this computer has installed which in your case is 4GB. You can find that by right-clicking on My computer and selecting Properties. What is Physical Memory: http://www.ehow.com/...y-computer.html

With Regards,
Extremeboy

#22 SomeoneSomewhere

  • Full Member
  • Group: Member+
  • Posts: 13
  • Joined: 08-November 09

Posted 09 November 2009 - 06:39 PM

my system's running smoothly again now :D thanks :D
ah ok.
regarding the physical memory (properties of my Computer show 6.00gb)

SystemLook:
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 02:37 on 10/11/2009 by Nino (Administrator - Elevation successful)

========== file ==========

C:\Windows\SysWow64\conhost.exe - Unable to find/read file.

C:\Windows\system32\conhost.exe - Unable to find/read file.

C:\Windows\SysWow64\mctadmin.exe - Unable to find/read file.

C:\Windows\system32\mctadmin.exe - Unable to find/read file.

-=End Of File=-

#23 Extremeboy

  • Da 247 Malware Disintegrator Instructor
  • Group: Academy Instructor
  • Posts: 2521
  • Joined: 19-February 09
  • Gender:Male

Posted 09 November 2009 - 06:53 PM

You're welcome.

Not sure about the Physical Memory thing that OTL reported, but I wouldn't worry about it. Most 64-bit systems have at least 4GB of memory. I can ask the author if you want to know; I think it may just be an error. DDS reported that you do have 6GB of memory installed, so it should be fine.

--

Let's update your Java and run an online scan and see if there's still anything lurking around.

Update Java to Version 6 Update 17

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for Java Runtime Environment (JRE) JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

  • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
  • Accept any security warnings from your browser.
  • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
  • Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
  • Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
You can refer to this animation by neomage if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left once more.

Thanks.

With Regards,
Extremeboy

#24 SomeoneSomewhere

  • Full Member
  • Group: Member+
  • Posts: 13
  • Joined: 08-November 09

Posted 10 November 2009 - 11:37 AM

Eset found 5 threats, had them removed.


DDS (Ver_09-10-26.01) - NTFSX64
Run by Nino at 19:34:14.63 on Tue 11/10/2009
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.2.1252.63.1033.18.6143.4292 [GMT 8:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\DAP\DAP.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Nino\Desktop\Torchlight_V1.2_Plus_10_Trainer_By_KelSat.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nino\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
uStart Page = hxxp://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\syswow64\blank.htm
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
BHO: SBCONVERT Class: {31b27f2d-6bc6-451b-b3d2-4eab36b2fc3b} - c:\program files (x86)\speedbit video downloader\toolbar\tbcore3.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~2\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~2\dap\DAPIEL~1.DLL
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~2\speedb~2\toolbar\grabber.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~2\yahoo!\companion\installs\cpn\yt.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files (x86)\speedbit video downloader\toolbar\tbcore3.dll
uRun: [Sidebar] c:\program files (x86)\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [Messenger (Yahoo!)] "c:\program files (x86)\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SpeedBitVideoAccelerator] c:\program files (x86)\speedbit video accelerator\VideoAccelerator.exe
uRun: [RocketDock] "c:\program files (x86)\rocketdock\RocketDock.exe"
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\daemon.exe" -autorun
uRun: [BitTorrent DNA] "c:\program files (x86)\dna\btdna.exe"
uRun: [DownloadAccelerator] "c:\program files (x86)\dap\DAP.EXE" /STARTUP
uRun: [Search Protection] c:\program files (x86)\yahoo!\search protection\SearchProtection.exe
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Nikon Transfer Monitor] c:\program files (x86)\common files\nikon\monitor\NkMonitor.exe
mRun: [Google Desktop Search] "c:\program files (x86)\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [YSearchProtection] "c:\program files (x86)\yahoo!\search protection\SearchProtection.exe"
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\nino\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
uPolicies-explorer: NoSMMyPictures = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: NoFileAssociate = 0 (0x0)
uPolicies-explorer: RestrictCpl = 0 (0x0)
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
mPolicies-explorer: NoSMMyPictures = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoInstrumentation = 0 (0x0)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-explorer: RestrictCpl = 0 (0x0)
mPolicies-explorer: NoThemesTab = 0 (0x0)
mPolicies-system: ConsentPromptbehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptbehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
IE: &Clean Traces - c:\program files (x86)\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\dap\dapextie.htm
IE: Download &all with DAP - c:\program files (x86)\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~2\google\google~1\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File
mRun-x64: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\nino\appdata\roaming\mozilla\firefox\profiles\4n33fbbu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files (x86)\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\program files (x86)\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\nino\appdata\roaming\mozilla\firefox\profiles\4n33fbbu.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\webzen\webzengamestarter\NPGameWebStarter.dll
FF - plugin: c:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: c:\users\nino\appdata\local\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-14 202752]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe [2009-5-14 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-5-14 121152]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~2\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 2297216]
R2 YahooAUService;Yahoo! Updater;c:\program files (x86)\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]
R3 AtiHdmiService;ATI Service for HD Audio Codec;c:\windows\system32\drivers\AtiHdmi.sys [2009-7-24 119312]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-11 389120]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-10-12 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x64.sys [2009-9-26 19432]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-6 25832]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-10-4 1038088]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;c:\program files (x86)\google\google desktop search\GoogleDesktop.exe [2009-9-30 30192]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-11-10 10:20:05 0 d-----w- c:\program files (x86)\ESET
2009-11-10 10:17:58 0 d-----w- c:\windows\system32\appmgmt
2009-11-10 10:16:21 455680 ----a-w- c:\windows\system32\deploytk.dll
2009-11-10 10:14:55 0 d-----w- c:\program files\Java
2009-11-09 17:09:03 0 d-----w- C:\_OTL
2009-11-09 16:04:56 0 d-----w- C:\MGADiagToolOutput
2009-11-09 16:04:35 0 d-----w- c:\programdata\Office Genuine Advantage
2009-11-08 18:05:28 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2009-11-08 12:14:23 0 d-----w- c:\program files (x86)\CCleaner
2009-11-08 10:37:45 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-08 10:37:36 0 d-----w- c:\users\nino\appdata\roaming\SUPERAntiSpyware.com
2009-11-08 10:37:36 0 d-----w- c:\program files (x86)\SUPERAntiSpyware
2009-11-08 10:34:38 0 d-----w- c:\users\nino\appdata\roaming\Malwarebytes
2009-11-08 10:34:33 0 d-----w- c:\programdata\Malwarebytes
2009-11-08 10:34:32 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 20:55:06 0 d-----w- c:\program files\Mozilla Firefox
2009-11-06 19:47:36 0 d-----w- C:\Mp3 Output
2009-11-06 19:47:34 8676883 ----a-w- c:\windows\syswow64\mp3Media2.dll
2009-11-06 19:47:33 0 d-----w- c:\program files (x86)\Smallvideosoft
2009-11-06 19:37:07 0 d-----w- c:\program files (x86)\AV Music Morpher Gold
2009-11-06 14:23:01 0 d-----w- c:\windows\syswow64\AGEIA
2009-11-06 12:30:23 0 d-----w- c:\program files (x86)\Fort Zombie
2009-11-06 11:47:23 0 d-----w- c:\program files (x86)\Microsoft XNA
2009-11-06 10:16:28 193 ----a-w- c:\windows\WORDPAD.INI
2009-11-06 09:15:16 3969020 ----a-w- c:\users\nino\i miss you like crazy.flv
2009-11-06 05:49:00 126464 ----a-w- c:\users\nino\advpack.dll
2009-11-06 05:46:11 0 d-----w- c:\programdata\BioWare
2009-11-06 04:25:26 0 d-----w- c:\programdata\Media Center Programs
2009-11-06 04:15:54 0 d-----w- c:\program files (x86)\Dragon Age
2009-11-06 04:15:54 0 d-----w- c:\program files (x86)\common files\BioWare
2009-11-05 19:58:26 0 d-----w- c:\program files (x86)\WinPcap
2009-11-05 19:57:47 0 d-----w- c:\program files\Wireshark
2009-11-05 19:05:52 0 d-----w- c:\program files (x86)\IntenseRO
2009-11-05 12:10:35 0 d-----w- c:\users\nino\appdata\roaming\runic games
2009-11-04 14:31:41 0 d-----w- c:\program files (x86)\Runic Games
2009-11-03 16:17:22 0 d-----w- c:\users\nino\appdata\roaming\GameRanger
2009-11-03 03:02:28 5958656 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-01 09:20:47 0 d-----w- c:\users\nino\appdata\roaming\Canneverbe_Limited
2009-11-01 09:20:46 0 d-----w- c:\programdata\Canneverbe Limited
2009-10-31 14:24:33 37979 ----a-w- c:\users\nino\collegehumor.747135e7120318d63b798edce11fd98c.jpg
2009-10-31 07:49:55 68068 ----a-w- c:\users\nino\IRENE.jpg
2009-10-31 07:37:40 440113 ----a-w- c:\users\nino\IRENE.psd
2009-10-31 07:33:41 16515 ----a-w- c:\users\nino\8928_1046993871136_1714376789_89542_7524312_n.jpg
2009-10-29 12:02:45 0 d-----w- c:\program files (x86)\AMPED
2009-10-29 12:01:44 0 d-----w- c:\windows\Downloaded Installations
2009-10-27 17:29:29 0 d-----w- c:\program files (x86)\2K Games
2009-10-27 12:26:55 0 d-sh--w- c:\programdata\SecuROM
2009-10-26 20:25:24 0 d-----w- c:\program files (x86)\MagicISO
2009-10-26 18:46:44 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-10-25 17:45:44 442936570 ----a-w- c:\windows\MEMORY.DMP
2009-10-23 04:44:11 1431552 ----a-w- c:\users\nino\Dead Space Trainer V2.exe
2009-10-23 04:23:56 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2009-10-23 04:01:30 0 d-----w- c:\users\nino\appdata\roaming\Flock
2009-10-23 04:00:56 0 d-----w- c:\program files (x86)\Dead Space
2009-10-23 03:57:16 53616 ----a-w- c:\windows\syswow64\CMStarter_Kor.dll
2009-10-23 03:57:16 53616 ----a-w- c:\windows\syswow64\CMStarter_Eng.dll
2009-10-23 03:57:16 364912 ----a-w- c:\windows\syswow64\CMStarterCore.exe
2009-10-23 03:57:16 0 d-----w- c:\program files (x86)\WEBZEN
2009-10-23 03:56:08 0 d-----w- c:\program files (x86)\Flock
2009-10-23 03:42:39 983 ----a-w- c:\users\nino\Cheat Engine.lnk
2009-10-23 03:42:38 679936 ----a-w- c:\windows\syswow64\D3DX81ab.dll
2009-10-23 03:42:38 1970176 ----a-w- c:\windows\syswow64\d3dx9.dll
2009-10-23 03:42:36 0 d-----w- c:\program files (x86)\Cheat Engine
2009-10-23 03:18:27 0 d-----w- c:\windows\syswow64\directx
2009-10-22 22:20:27 0 d-----w- c:\program files\Webzen
2009-10-21 03:34:39 0 d-----w- c:\program files (x86)\OpenXML-ODF Translator
2009-10-20 20:50:44 0 d-----w- c:\program files (x86)\Microsoft
2009-10-20 20:46:43 0 d-----w- c:\program files (x86)\Classic Menu for Office
2009-10-20 20:46:35 691592 ----a-w- c:\windows\syswow64\OGACheckControl.DLL
2009-10-20 20:46:35 528744 ----a-w- c:\windows\syswow64\OGAVerify.exe
2009-10-20 20:46:35 502120 ----a-w- c:\windows\syswow64\OGAAddin.dll
2009-10-20 20:40:56 0 d-----w- c:\windows\PCHEALTH
2009-10-20 20:39:15 0 d-----w- c:\program files\Microsoft Office
2009-10-20 20:39:01 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2009-10-20 20:38:16 0 d-----w- c:\programdata\Microsoft Help
2009-10-20 18:20:12 105488 ----a-w- c:\windows\system32\Packet.dll
2009-10-20 18:20:06 96784 ----a-w- c:\windows\syswow64\Packet.dll
2009-10-20 18:19:58 369168 ----a-w- c:\windows\system32\wpcap.dll
2009-10-20 18:19:54 47632 ----a-w- c:\windows\system32\drivers\npf.sys
2009-10-20 18:19:54 281104 ----a-w- c:\windows\syswow64\wpcap.dll
2009-10-20 18:19:30 53299 ----a-w- c:\windows\syswow64\pthreadVC.dll
2009-10-20 14:15:16 2008480 ----a-w- c:\users\nino\RESIDENT EVIL 5 DX10 v1.0.0.129 + 15 Trainer.exe
2009-10-20 13:21:32 0 d-----w- c:\program files (x86)\CAPCOM
2009-10-20 13:20:23 0 d-----w- c:\windows\syswow64\xlive
2009-10-20 13:20:23 0 d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2009-10-17 21:45:22 0 d-----w- c:\program files (x86)\Mindware Studios
2009-10-16 19:46:29 0 d-----w- c:\users\nino\extract
2009-10-16 19:30:49 0 d-----w- C:\Perl64
2009-10-16 19:23:39 318 ----a-w- c:\windows\WPE PRO.INI
2009-10-16 19:21:25 0 d-----w- c:\users\nino\RO Priv ID
2009-10-16 04:01:34 0 d-----w- c:\users\nino\openkore_ready
2009-10-15 15:23:56 0 d-----w- c:\program files (x86)\Gravity
2009-10-15 15:23:33 65536 ----a-w- c:\windows\IFinst27.exe
2009-10-14 11:14:19 0 d-----w- c:\program files (x86)\MPGHARMIT
2009-10-14 02:45:14 0 d-----w- c:\program files\Gravity
2009-10-13 17:55:31 311808 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-13 17:55:31 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-10-13 17:55:25 0 d-----w- c:\program files (x86)\MSXML 4.0
2009-10-13 17:53:03 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-10-13 17:52:57 46592 ----a-w- c:\windows\system32\msasn1.dll
2009-10-13 17:52:57 34816 ----a-w- c:\windows\syswow64\msasn1.dll

==================== Find3M ====================

2009-11-08 12:02:25 174 --sh--w- c:\program files (x86)\desktop.ini
2009-11-02 12:42:06 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-10-12 15:25:15 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2009-10-10 00:18:29 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-10-09 03:07:40 109056 ----a-w- c:\users\nino\risen_v1.0.94946_trn+4.exe
2009-10-03 12:06:35 107008 ----a-w- c:\users\nino\Risen_V1.0_Plus_36_Trainer_By_KelSat.exe
2009-10-02 04:32:07 982600 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-10-01 06:58:43 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-10-01 06:58:43 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-09-30 14:50:06 245248 ----a-w- c:\users\nino\HoN_ModMan.exe
2009-09-26 19:24:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-26 19:23:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-09-26 18:33:18 871408 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-26 15:24:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-09-26 12:34:28 106496 ----a-w- c:\windows\syswow64\ATL71.DLL
2009-09-25 14:06:45 50688 ----a-w- c:\windows\syswow64\wbhelp2.dll
2009-09-25 13:41:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-09-04 09:44:42 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 09:44:40 69464 ----a-w- c:\windows\syswow64\XAPOFX1_3.dll
2009-09-04 09:44:40 517960 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 09:44:40 515416 ----a-w- c:\windows\syswow64\XAudio2_5.dll
2009-09-04 09:44:40 238936 ----a-w- c:\windows\syswow64\xactengine3_5.dll
2009-09-04 09:44:40 176968 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 09:29:34 453456 ----a-w- c:\windows\syswow64\d3dx10_42.dll
2009-09-04 09:29:34 235344 ----a-w- c:\windows\syswow64\d3dx11_42.dll
2009-09-04 09:29:32 5501792 ----a-w- c:\windows\syswow64\d3dcsx_42.dll
2009-09-04 09:29:32 1974616 ----a-w- c:\windows\syswow64\D3DCompiler_42.dll
2009-09-04 09:29:30 1892184 ----a-w- c:\windows\syswow64\D3DX9_42.dll
2009-09-04 09:29:24 5554512 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 09:29:24 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 09:29:24 285024 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 09:29:22 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 09:29:20 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-03 07:36:39 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
2009-09-03 07:04:15 1320960 ----a-w- c:\windows\syswow64\CertEnroll.dll
2009-08-29 07:45:05 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-29 06:59:32 11406336 ----a-w- c:\windows\syswow64\wmp.dll
2009-08-29 06:54:52 12625408 ----a-w- c:\windows\syswow64\wmploc.DLL
2009-08-17 15:33:52 1193832 ----a-w- c:\windows\syswow64\FM20.DLL
2009-08-14 05:36:18 70936 ----a-w- c:\windows\syswow64\PhysXLoader.dll
2009-08-14 02:16:22 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-08-14 02:16:12 433152 ----a-w- c:\windows\system32\atieclxx.exe
2009-08-14 02:15:40 202752 ----a-w- c:\windows\system32\atiesrxx.exe
2009-08-14 02:14:22 120320 ----a-w- c:\windows\system32\atitmm64.dll
2009-08-14 02:14:04 421888 ----a-w- c:\windows\system32\atipdl64.dll
2009-08-14 02:13:56 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2009-08-14 02:13:42 274432 ----a-w- c:\windows\syswow64\Oemdspif.dll
2009-08-14 02:13:36 12288 ----a-w- c:\windows\system32\atimuixx.dll
2009-08-14 02:13:30 59392 ----a-w- c:\windows\system32\atiedu64.dll
2009-08-14 02:13:26 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2009-08-14 02:10:40 2896896 ----a-w- c:\windows\syswow64\atidxx32.dll
2009-08-14 02:06:56 16667136 ----a-w- c:\windows\system32\atio6axx.dll
2009-08-14 02:03:20 3441664 ----a-w- c:\windows\system32\atidxx64.dll
2009-08-14 01:55:20 3578368 ----a-w- c:\windows\syswow64\atiumdag.dll
2009-08-14 01:49:38 4629504 ----a-w- c:\windows\system32\atiumd64.dll
2009-08-14 01:44:36 12916224 ----a-w- c:\windows\syswow64\atioglxx.dll
2009-08-14 01:43:26 2491392 ----a-w- c:\windows\system32\atiumd6a.dll
2009-08-14 01:37:32 2829824 ----a-w- c:\windows\syswow64\atiumdva.dll
2009-08-14 01:25:28 53248 ----a-w- c:\windows\system32\atimpc64.dll
2009-08-14 01:25:28 53248 ----a-w- c:\windows\system32\amdpcom64.dll
2009-08-14 01:25:22 52224 ----a-w- c:\windows\syswow64\atimpc32.dll
2009-08-14 01:25:22 52224 ----a-w- c:\windows\syswow64\amdpcom32.dll
2009-08-14 01:24:58 287744 ----a-w- c:\windows\system32\atiadlxx.dll
2009-08-14 01:24:50 200704 ----a-w- c:\windows\syswow64\atiadlxy.dll
2009-08-14 01:22:44 48640 ----a-w- c:\windows\system32\aticalrt64.dll
2009-08-14 01:22:40 53248 ----a-w- c:\windows\syswow64\aticalrt.dll
2009-08-14 01:22:28 41984 ----a-w- c:\windows\system32\aticalcl64.dll
2009-08-14 01:22:26 53248 ----a-w- c:\windows\syswow64\aticalcl.dll
2009-08-14 01:22:12 4564480 ----a-w- c:\windows\system32\aticaldd64.dll
2009-08-14 01:21:16 3481600 ----a-w- c:\windows\syswow64\aticaldd.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:34:45.04 ===============


0

#25 User is offline   SomeoneSomewhere 

  • Full Member
  • Group: Member+
  • Posts: 13
  • Joined: 08-November 09

Posted 10 November 2009 - 12:05 PM

I noticed that there are 2 desktop.ini's
one contains:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799


and the other:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

Are these harmful? Or can I delete them? Or move them?
0

#26 User is offline   Extremeboy 

  • Da 247 Malware Disintegrator Instructor
  • Group: Academy Instructor
  • Posts: 2521
  • Joined: 19-February 09
  • Gender:Male

Posted 10 November 2009 - 01:16 PM

Will review the logs once I come back.
0

#27 User is offline   Extremeboy 

  • Da 247 Malware Disintegrator Instructor
  • Group: Academy Instructor
  • Posts: 2521
  • Joined: 19-February 09
  • Gender:Male

Posted 13 November 2009 - 09:26 PM

Apologies for the delay. I totally overlooked this topic and thought I had replied already. However, I did not see you log in since the 11th, so are you still there, or do you require help?

Please reply back letting me know so we can continue.

~EB
0

#28 User is offline   Extremeboy 

  • Da 247 Malware Disintegrator Instructor
  • Group: Academy Instructor
  • Posts: 2521
  • Joined: 19-February 09
  • Gender:Male

Posted 15 November 2009 - 11:07 PM

Hello.

I'll just review the logs in case you do ever log on and post back.

The logs look clean now, no sign of any active infections.

Quote

Are these harmful? Or can I delete them? Or move them?

Those are fine and legitimate. Those should be hidden. You can hide those again by doing the following...

Go to Start > My Computer
Go to Organize > Folder Options
Click on the View tab
Tick the following:

  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
  • Show hidden files and folders

Click Apply and then click OK
---

Other than that we can cleanup.



Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information. :)

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Create a New System Restore Point <- Very Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.

Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.


System A bit Slow? Try StartupLite

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.


Congratulations! You now appear clean! :D :thumbup:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:


  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.


Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

Quote

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read "USB-Based Malware Attacks" and "Please disable Autorun asap!".

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help and thank you for choosing 247Fixes as your malware removal source.
Don't forget to tell your friends about us and Good luck :cheers:


Would you like to learn how to use HijackThis and Remove Malware? Why not apply for the 247Fixes Academy Training Program?

If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks :)

With Regards,
Extremeboy

0
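The Autorun advice in the post above can be checked on a given machine and drive. The following is an added example, not part of the thread or of any tool it mentions: it decodes a NoDriveTypeAutoRun policy value (the Windows registry value behind "disable Autorun", a name the thread itself does not give) and lists the entries in an autorun.inf that would start a program. The sample file and the two policy values are constructed for the demonstration.

```python
import re

# Bit flags of the NoDriveTypeAutoRun policy value: a set bit disables
# Autorun for that drive type.
DRIVE_BITS = {
    0x01: "unknown", 0x02: "no root dir", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cd-rom", 0x40: "ram disk", 0x80: "reserved",
}

def autorun_enabled_types(no_drive_type_autorun):
    """Return the drive types for which Autorun is still enabled."""
    return [name for bit, name in DRIVE_BITS.items()
            if not no_drive_type_autorun & bit]

# Keys in the [autorun] section that cause a program to be launched.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_entries(inf_text):
    """Return (key, command) pairs from [autorun] that start a program."""
    found, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Section names are case-insensitive; only [autorun] matters here.
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or "=" not in line or line.startswith(";"):
            continue
        key, _, value = line.partition("=")
        if EXEC_KEY.match(key.strip()):
            found.append((key.strip().lower(), value.strip()))
    return found

# Constructed sample autorun.inf (not taken from the thread).
SAMPLE_INF = """\
; junk padding line
[AutoRun]
icon=folder.ico
label=Photos
OPEN=setup.exe /s
shell\\explore\\Command=setup.exe
action=Open folder to view files
[Other]
open=ignored.exe
"""

def report(policy_value, inf_text):
    """Combine both checks into one summary for a drive."""
    return {"autorun_enabled_for": autorun_enabled_types(policy_value),
            "launch_entries": launch_entries(inf_text)}

if __name__ == "__main__":
    print(report(0x91, SAMPLE_INF))  # constructed value: removable still enabled
    print(report(0xFF, SAMPLE_INF))  # all drive types disabled
```

A `shell\...\command` entry is the kind that fires on a double-click of the drive icon, which is the case the note in the post warns about, so a non-empty `launch_entries` result is worth reviewing even when the policy value disables Autorun for removable drives.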

#29 User is offline   Extremeboy 

  • Da 247 Malware Disintegrator Instructor
  • Group: Academy Instructor
  • Posts: 2521
  • Joined: 19-February 09
  • Gender:Male

Posted 18 November 2009 - 01:17 AM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 7-9 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy
0

#30 User is offline   Extremeboy 

  • Da 247 Malware Disintegrator Instructor
  • Group: Academy Instructor
  • Posts: 2521
  • Joined: 19-February 09
  • Gender:Male

Posted 19 November 2009 - 11:46 PM

This thread is being closed because it has been resolved. If you would like it to be reopened please contact me or another member of the Moderating team.

As always, we'd like to thank you for using 247fixes. Have a great day!

This only applies to the original poster. If you're not the original poster, please start a new topic in this forum.
0
