
Hijackthis help

post #1 of 27
Thread Starter 
Quote:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:55:31 PM, on 4/20/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
Running processes:
C:\\Program Files (x86)\\Lavasoft\\Ad-Aware\\AAWTray.exe
C:\\Windows\\PLFSetI.exe
C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe
C:\\Program Files (x86)\\Launch Manager\\LManager.exe
C:\\Program Files (x86)\\NewTech Infosystems\\Acer Backup Manager\\BackupManagerTray.exe
C:\\Program Files (x86)\\uTorrent\\uTorrent.exe
C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe
C:\\Program Files (x86)\\Mozilla Firefox\\plugin-container.exe
C:\\Program Files (x86)\\Yahoo!\\Messenger\\ymsgr_tray.exe
C:\\Program Files (x86)\\Trend Micro\\HiJackThis\\HiJackThis.exe
C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe
C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe
C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe
C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe
C:\\Program Files (x86)\\Lavasoft\\Ad-Aware\\Ad-Aware.exe
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://acer.msn.com
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\\PROGRA~2\\mcafee\\SITEAD~1\\mcieplg.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\\Program Files (x86)\\uTorrentBar\buTor.dll
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\\Program Files (x86)\\Yahoo!\\Companion\\Installs\\cpn0\\YTNavAssist.dll
F2 - REG:system.ini: UserInit=C:\\Windows\\SysWOW64\\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\\Program Files (x86)\\Yahoo!\\Companion\\Installs\\cpn0\\yt.dll
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\\PROGRA~2\\SITERA~1\\SiteRank.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\\progra~1\\mcafee\\msk\\mskapbho.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\ConduitEngine.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\\Program Files (x86)\\Microsoft\\Search Enhancement Pack\\Search Helper\\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\\Program Files (x86)\\Common Files\\McAfee\\SystemCore\\ScriptSn.20110311074242.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\\Program Files (x86)\\Windows Live\\Companion\\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\\PROGRA~2\\mcafee\\SITEAD~1\\mcieplg.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\\Program Files (x86)\\uTorrentBar\buTor.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\\Program Files (x86)\\MSN Toolbar\\Platform\\6.0.2282.0\\npwinext.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\\Program Files (x86)\\Yahoo!\\Companion\\Installs\\cpn0\\YTSingleInstance.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\\PROGRA~2\\mcafee\\SITEAD~1\\mcieplg.dll
O3 - Toolbar: @C:\\Program Files (x86)\\MSN Toolbar\\Platform\\6.0.2282.0\\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\\Program Files (x86)\\MSN Toolbar\\Platform\\6.0.2282.0\\npwinext.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files (x86)\\Yahoo!\\Companion\\Installs\\cpn0\\yt.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\\Program Files (x86)\\uTorrentBar\buTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\ConduitEngine.dll
O4 - HKLM\\..\\Run: [IAStorIcon] C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe
O4 - HKLM\\..\\Run: [LManager] C:\\Program Files (x86)\\Launch Manager\\LManager.exe
O4 - HKLM\\..\\Run: [mcui_exe] "C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe" /runkey
O4 - HKLM\\..\\Run: [Norton Online Backup] C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] "C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"
O4 - HKLM\\..\\Run: [BackupManagerTray] "C:\\Program Files (x86)\\NewTech Infosystems\\Acer Backup Manager\\BackupManagerTray.exe" -h -k
O4 - HKLM\\..\\Run: [Microsoft Default Manager] "C:\\Program Files (x86)\\Microsoft\\Search Enhancement Pack\\Default Manager\\DefMgr.exe" -resume
O4 - HKCU\\..\\Run: [Messenger (Yahoo!)] "C:\\PROGRA~2\\Yahoo!\\Messenger\\YahooMessenger.exe" -quiet
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\\Windows\\system32\\GPhotos.scr/200
O9 - Extra button: @C:\\Program Files (x86)\\Windows Live\\Companion\\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\\Program Files (x86)\\Windows Live\\Companion\\companioncore.dll
O9 - Extra button: @C:\\Program Files (x86)\\Windows Live\\Writer\\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files (x86)\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\\Program Files (x86)\\Windows Live\\Writer\\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files (x86)\\Windows Live\\Writer\\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\\program files (x86)\\common files\\microsoft shared\\windows live\\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\\program files (x86)\\common files\\microsoft shared\\windows live\\wlidnsp.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/B...es/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/B.../armhelper.ocx
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\\PROGRA~2\\mcafee\\SITEAD~1\\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\\PROGRA~2\\mcafee\\SITEAD~1\\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\\system32\\Alg.exe,-112 (ALG) - Unknown owner - C:\\Windows\\System32\\alg.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\\Program Files (x86)\\Launch Manager\\dsiwmis.exe
O23 - Service: @%SystemRoot%\\system32\\efssvc.dll,-100 (EFS) - Unknown owner - C:\\Windows\\System32\\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\\Program Files\\Acer\\Acer ePower Management\\ePowerSvc.exe
O23 - Service: @%systemroot%\\system32\\fxsresm.dll,-118 (Fax) - Unknown owner - C:\\Windows\\system32\\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\\Program Files (x86)\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\\Program Files (x86)\\WildTangent Games\\App\\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\\Program Files (x86)\\Acer\\Registration\\GREGsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files (x86)\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\\Program Files (x86)\\Lavasoft\\Ad-Aware\\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\\Program Files\\Common Files\\mcafee\\McSvcHost\\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\\Program Files\\Common Files\\mcafee\\McSvcHost\\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\\Program Files\\Common Files\\mcafee\\McSvcHost\\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\\Program Files\\mcafee\\VirusScan\\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\\Program Files\\Common Files\\mcafee\\McSvcHost\\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\\Program Files\\Common Files\\McAfee\\SystemCore\\\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\\Program Files\\Common Files\\McAfee\\SystemCore\\\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\\Program Files\\Common Files\\McAfee\\SystemCore\\mfevtps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\\Windows\\System32\\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe
O23 - Service: @%SystemRoot%\\System32\\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\\Program Files (x86)\\NewTech Infosystems\\Acer Backup Manager\\IScheduleSvc.exe
O23 - Service: @%systemroot%\\system32\\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)
O23 - Service: @%systemroot%\\system32\\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\\Windows\\system32\\locator.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\samsrv.dll,-1 (SamSs) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\\Program Files (x86)\\Spybot - Search & Destroy\\SDWinSec.exe
O23 - Service: @%SystemRoot%\\system32\\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\\Windows\\System32\\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\\system32\\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\\Windows\\System32\\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\\Windows\\system32\\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\\Windows\\system32\\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\\Program Files\\Acer\\Acer Updater\\UpdaterService.exe
O23 - Service: @%SystemRoot%\\system32\\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\vds.exe,-100 (vds) - Unknown owner - C:\\Windows\\System32\\vds.exe (file missing)
O23 - Service: @%systemroot%\\system32\\vssvc.exe,-102 (VSS) - Unknown owner - C:\\Windows\\system32\\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\Wat\\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\\Windows\\system32\\Wat\\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\\system32\\wbengine.exe,-104 (wbengine) - Unknown owner - C:\\Windows\\system32\\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\\system32\\wbem\\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\\Windows\\system32\\wbem\\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\\Program Files (x86)\\Windows Media Player\\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\\Program Files (x86)\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe
--
End of file - 13382 bytes
What do you guys see? Thanks.
post #2 of 27
What the heck am I looking for? lol
    
post #3 of 27
Do you have any symptoms to describe? Nothing is really jumping out at me from the log, though I only gave it a skim. You should use something like DDS or OTL instead, HJT hasn't been updated in years.
post #4 of 27
Thread Starter 
Quote:
Originally Posted by SS_Patrick View Post
What the heck am I looking for? lol
lol things that shouldn't be there, hijackers, rootkits
Quote:
Originally Posted by Waffleboy View Post
Do you have any symptoms to describe? Nothing is really jumping out at me from the log, though I only gave it a skim. You should use something like DDS or OTL instead, HJT hasn't been updated in years.
Pretty much just redirecting when clicking on links. I'll give those apps a try, thanks.
post #5 of 27
Thread Starter 
there we go
Quote:
OTL logfile created on: 4/20/2011 7:16:05 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\\Users\\rosar\\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)
Drive C: | 219.29 Gb Total Space | 170.96 Gb Free Space | 77.96% Space Free | Partition Type: NTFS

Computer Name: ROSAR-PC | User Name: rosar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/20 19:14:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\\Users\\rosar\\Downloads\\OTL.exe
PRC - [2011/04/19 09:03:25 | 001,190,680 | ---- | M] (Lavasoft Limited) -- C:\\Program Files (x86)\\Lavasoft\\Ad-Aware\\AAWTray.exe
PRC - [2011/04/19 09:03:17 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\\Program Files (x86)\\Lavasoft\\Ad-Aware\\AAWService.exe
PRC - [2011/04/01 00:22:01 | 000,994,304 | ---- | M] () -- C:\\Program Files (x86)\\Lavasoft\\Ad-Aware\\AWSC.exe
PRC - [2011/03/18 10:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe
PRC - [2011/03/17 20:17:40 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\\Program Files (x86)\\uTorrent\\uTorrent.exe
PRC - [2011/03/11 02:26:39 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe
PRC - [2010/10/17 02:05:39 | 000,206,208 | ---- | M] () -- C:\\Windows\\PLFSetI.exe
PRC - [2010/08/10 02:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\\Program Files (x86)\\Launch Manager\\LManager.exe
PRC - [2010/08/10 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\\Program Files (x86)\\Launch Manager\\dsiwmis.exe
PRC - [2010/08/10 02:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\\Program Files (x86)\\Launch Manager\\LMworker.exe
PRC - [2010/06/28 15:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\\Program Files (x86)\\NewTech Infosystems\\Acer Backup Manager\\BackupManagerTray.exe
PRC - [2010/06/28 15:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\\Program Files (x86)\\NewTech Infosystems\\Acer Backup Manager\\IScheduleSvc.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\\Program Files (x86)\\Microsoft Application Virtualization Client\\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\\Program Files (x86)\\Microsoft Application Virtualization Client\\sftlist.exe
PRC - [2010/04/13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorDataMgrSvc.exe
PRC - [2010/04/13 09:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe
PRC - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\\Program Files\\Acer\\Acer Updater\\UpdaterService.exe
PRC - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\\Program Files (x86)\\Acer\\Registration\\GREGsvc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\\Program Files (x86)\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/04/20 19:14:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\\Users\\rosar\\Downloads\\OTL.exe
MOD - [2011/03/09 16:54:14 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\\Program Files (x86)\\McAfee\\SiteAdvisor\\sahook.dll
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/13 23:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\\Program Files\\Common Files\\McAfee\\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/10/13 23:28:54 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\\Program Files\\Common Files\\McAfee\\SystemCore\\\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/10/13 23:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\\Program Files\\Common Files\\mcafee\\systemcore\\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 21:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\\Program Files\\mcafee\\VirusScan\\mcods.exe -- (McODS)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\\Program Files\\Windows Live\\Mesh\\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\\Program Files\\Acer\\Acer ePower Management\\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\\Program Files\\Common Files\\mcafee\\McSvcHost\\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\\Program Files\\Common Files\\mcafee\\McSvcHost\\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\\Program Files\\Common Files\\mcafee\\McSvcHost\\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\\Program Files\\Common Files\\mcafee\\McSvcHost\\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\\Program Files\\Common Files\\mcafee\\McSvcHost\\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\\Program Files\\Acer\\Acer Updater\\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)
SRV - [2011/04/19 09:03:17 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\\Program Files (x86)\\Lavasoft\\Ad-Aware\\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/10/17 02:14:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\\Program Files (x86)\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\\Program Files (x86)\\WildTangent Games\\App\\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/10 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\\Program Files (x86)\\Launch Manager\\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/28 15:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\\Program Files (x86)\\NewTech Infosystems\\Acer Backup Manager\\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\\Program Files (x86)\\Microsoft Application Virtualization Client\\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Program Files (x86)\\Microsoft Application Virtualization Client\\sftlist.exe -- (sftlist)
SRV - [2010/04/13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\\Program Files (x86)\\Acer\\Registration\\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\\Program Files (x86)\\Spybot - Search & Destroy\\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\\Program Files (x86)\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/01 00:22:02 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/10/13 23:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/10/13 23:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/10/13 23:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/10/13 23:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/10/13 23:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/10/13 23:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/10/13 23:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\\Windows\\SysNative\\drivers\\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/10/13 23:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/08 20:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/06/03 12:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/05/24 00:46:36 | 000,246,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/14 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/04/19 19:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/10 04:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/01 20:54:18 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 15:45:10 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\\Windows\\SysNative\\wbem\\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\hcw85cir.sys -- (hcw85cir)
DRV - [2011/04/01 00:22:04 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\\Program Files (x86)\\Lavasoft\\Ad-Aware\\kernexplorer64.sys -- (Lavasoft Kernexplorer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://acer.msn.com
IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm
IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://acer.msn.com
IE - HKLM\\..\\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\\Program Files (x86)\\uTorrentBar\\tbuTor.dll (Conduit Ltd.)

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
IE - HKCU\\..\\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\\Program Files (x86)\\McAfee\\SiteAdvisor\\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\\..\\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\\Program Files (x86)\\Yahoo!\\Companion\\Installs\\cpn0\\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\\..\\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\\Program Files (x86)\\uTorrentBar\\tbuTor.dll (Conduit Ltd.)
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?ref=hp"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: siteranker@siteranker.com:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt...id=CT2786678&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\\software\\mozilla\\Firefox\\Extensions\\\\msntoolbar@msn.com: C:\\Program Files (x86)\\MSN Toolbar\\Platform\\6.0.2282.0\\Firefox [2010/10/17 02:07:17 | 000,000,000 | ---D | M]
FF - HKLM\\software\\mozilla\\Firefox\\Extensions\\\\{27182e60-b5f3-411c-b545-b44205977502}: C:\\Program Files (x86)\\Microsoft\\Search Enhancement Pack\\Search Helper\\firefoxextension\\SearchHelperExtension\\ [2010/10/17 02:07:20 | 000,000,000 | ---D | M]
FF - HKLM\\software\\mozilla\\Firefox\\Extensions\\\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\\Program Files (x86)\\Microsoft\\Search Enhancement Pack\\Default Manager\\DMExtension\\ [2010/10/17 02:07:22 | 000,000,000 | ---D | M]
FF - HKLM\\software\\mozilla\\Firefox\\Extensions\\\\siteranker@siteranker.com: C:\\Program Files (x86)\\SiteRanker\\firefox\\ [2011/03/11 06:42:57 | 000,000,000 | ---D | M]
FF - HKLM\\software\\mozilla\\Firefox\\Extensions\\\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\\Program Files (x86)\\McAfee\\SiteAdvisor [2011/04/20 17:07:28 | 000,000,000 | ---D | M]
FF - HKLM\\software\\mozilla\\Mozilla Firefox 4.0\\extensions\\\\Components: C:\\Program Files (x86)\\Mozilla Firefox\\components [2011/03/22 21:25:23 | 000,000,000 | ---D | M]
FF - HKLM\\software\\mozilla\\Mozilla Firefox 4.0\\extensions\\\\Plugins: C:\\Program Files (x86)\\Mozilla Firefox\\plugins [2011/03/22 21:25:21 | 000,000,000 | ---D | M]

[2011/03/11 02:24:40 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\rosar\\AppData\\Roaming\\Mozilla\\Extensions
[2011/03/23 21:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\rosar\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\pyg5ctbi.default\\extensions
[2011/03/22 21:26:13 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\\Users\\rosar\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\pyg5ctbi.default\\extensions\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/22 21:26:12 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\\Users\\rosar\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\pyg5ctbi.default\\extensions\\engine@conduit.com
[2011/03/13 21:38:20 | 000,002,572 | ---- | M] () -- C:\\Users\\rosar\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\pyg5ctbi.default\\searchplugins\\askcom.xml
[2011/03/22 21:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions
File not found (No name found) --
[2011/04/20 17:07:28 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\\PROGRAM FILES (X86)\\MCAFEE\\SITEADVISOR
() (No name found) -- C:\\USERS\\ROSAR\\APPDATA\\ROAMING\\MOZILLA\\FIREFOX\\PROFILES\\PYG5CTBI.DEFAULT\\EXTENSIONS\\{6226BA26-C017-4007-928C-DE9715C6FA67}.XPI
() (No name found) -- C:\\USERS\\ROSAR\\APPDATA\\ROAMING\\MOZILLA\\FIREFOX\\PROFILES\\PYG5CTBI.DEFAULT\\EXTENSIONS\\MULTIPLETAB@PIRO.SAKURA.NE.JP.XPI
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\\Program Files (x86)\\Mozilla Firefox\\components\\browsercomps.dll
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\\Program Files (x86)\\Mozilla Firefox\\components\\Scriptff.dll
[2007/12/17 10:16:14 | 000,065,536 | ---- | M] ( ) -- C:\\Program Files (x86)\\Mozilla Firefox\\plugins\
pkimi.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\\Program Files (x86)\\Mozilla Firefox\\searchplugins\\bing.xml

O1 HOSTS File: ([2011/04/06 13:28:23 | 000,432,410 | R--- | M]) - C:\\Windows\\SysNative\\drivers\\etc\\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14882 more lines...
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\\Program Files\\mcafee\\msk\\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\\Program Files\\Common Files\\mcafee\\systemcore\\ScriptSn.20110311074242.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\\Program Files (x86)\\McAfee\\SiteAdvisor\\x64\\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\\Program Files (x86)\\Yahoo!\\Companion\\Installs\\cpn0\\yt.dll (Yahoo! Inc.)
O2 - BHO: () - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\\Program Files (x86)\\SiteRanker\\SiteRank.dll (Crawler, LLC)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\\Program Files\\mcafee\\msk\\mskapbho.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\\Program Files (x86)\\Common Files\\mcafee\\SystemCore\\ScriptSn.20110311074242.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\\Program Files (x86)\\McAfee\\SiteAdvisor\\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\\Program Files (x86)\\uTorrentBar\\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\\Program Files (x86)\\MSN Toolbar\\Platform\\6.0.2282.0\\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\\Program Files (x86)\\Yahoo!\\Companion\\Installs\\cpn0\\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\\..\\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\\Program Files (x86)\\McAfee\\SiteAdvisor\\x64\\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\\..\\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\\..\\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\\Program Files (x86)\\McAfee\\SiteAdvisor\\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\\..\\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\\..\\Toolbar: (@C:\\Program Files (x86)\\MSN Toolbar\\Platform\\6.0.2282.0\\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\\Program Files (x86)\\MSN Toolbar\\Platform\\6.0.2282.0\\npwinext.dll (Microsoft Corporation)
O3 - HKLM\\..\\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\\Program Files (x86)\\uTorrentBar\\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\\..\\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files (x86)\\Yahoo!\\Companion\\Installs\\cpn0\\yt.dll (Yahoo! Inc.)
O3 - HKLM\\..\\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\\..\\Toolbar\\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\\..\\Toolbar\\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\\Program Files (x86)\\uTorrentBar\\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\\Run: [Acer ePower Management] C:\\Program Files\\Acer\\Acer ePower Management\\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\\Run: [HotKeysCmds] C:\\Windows\\SysNative\\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\\Run: [IgfxTray] C:\\Windows\\SysNative\\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\\Run: [mwlDaemon] File not found
O4:64bit: - HKLM..\\Run: [Persistence] C:\\Windows\\SysNative\\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\\Run: [PLFSetI] C:\\Windows\\PLFSetI.exe ()
O4:64bit: - HKLM..\\Run: [RtHDVCpl] C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\\Run: [BackupManagerTray] C:\\Program Files (x86)\\NewTech Infosystems\\Acer Backup Manager\\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\\Run: [IAStorIcon] C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\\Run: [LManager] C:\\Program Files (x86)\\Launch Manager\\LManager.exe (Dritek System Inc.)
O4 - HKLM..\\Run: [mcui_exe] C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\\Run: [Norton Online Backup] C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe (Symantec Corporation)
O4 - HKCU..\\Run: [Messenger (Yahoo!)] C:\\Program Files (x86)\\Yahoo!\\Messenger\\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\control panel present
O6 - HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\restrictions present
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktop = 1
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\control panel present
O7 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\\Windows\\SysWow64\\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/B...es/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/B.../armhelper.ocx (Reg Error: Key error.)
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\\Handler\\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\\Program Files (x86)\\McAfee\\SiteAdvisor\\x64\\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\\Handler\\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\\Handler\\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\\Handler\\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\\Program Files (x86)\\McAfee\\SiteAdvisor\\x64\\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\\Handler\\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\\Handler\\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\\Handler\\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\\Program Files (x86)\\McAfee\\SiteAdvisor\\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\\Handler\\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\\Program Files (x86)\\McAfee\\SiteAdvisor\\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\\Windows\\SysNative\\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\SysWow64\\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\\Notify\\igfxcui: DllName - Reg Error: Key error. - C:\\Windows\\SysNative\\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\\..exefile [open] -- "%1" %*
O35 - HKLM\\..comfile [open] -- "%1" %*
O35 - HKLM\\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\\...com [@ = comfile] -- "%1" %*
O37 - HKLM\\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/20 18:50:29 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Trend Micro
[2011/04/20 18:50:29 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\HiJackThis
[2011/04/20 13:12:54 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\McAfee
[2011/04/19 17:38:45 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Local\\{0B54D05D-92D2-4CC6-A551-7CCF25070BFE}
[2011/04/16 23:34:13 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\\Windows\\SysNative\\drivers\\SBREDrv.sys
[2011/04/13 19:07:55 | 000,000,000 | -HSD | C] -- C:\\Windows\\SysWow64\\%APPDATA%
[2011/04/13 18:58:57 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\\Windows\\SysNative\\drivers\\Lbd.sys
[2011/04/13 18:58:10 | 000,000,000 | -H-D | C] -- C:\\ProgramData\\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
[2011/04/13 18:57:29 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Lavasoft
[2011/04/13 18:57:28 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Lavasoft
[2011/04/13 18:57:28 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Lavasoft
[2011/04/13 18:51:48 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SpywareBlaster
[2011/04/13 18:51:47 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\SpywareBlaster
[2011/04/12 20:42:48 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Local\\{A6C78531-A8DE-4227-A275-234AFD84A4E4}
[2011/04/11 18:29:14 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Local\\{E276AEDC-F62E-4ADE-8FDF-47FB8EA08890}
[2011/04/11 18:29:11 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Local\\{9AF3AAC4-5C3E-4534-B709-055DDD4868B1}
[2011/04/11 18:28:57 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\Documents\\My Weblog Posts
[2011/04/06 22:34:07 | 000,000,000 | ---D | C] -- C:\\Windows\\Minidump
[2011/04/06 16:43:56 | 000,000,000 | -HSD | C] -- C:\\Windows\\SysNative\\%APPDATA%
[2011/04/06 13:19:59 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Spybot - Search & Destroy
[2011/04/06 13:19:55 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Spybot - Search & Destroy
[2011/04/06 13:19:55 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Spybot - Search & Destroy
[2011/04/04 22:40:44 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\CCleaner
[2011/04/04 22:40:40 | 000,000,000 | ---D | C] -- C:\\Program Files\\CCleaner
[2011/04/04 22:25:47 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Roaming\\Malwarebytes
[2011/04/04 22:25:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\\Windows\\SysWow64\\drivers\\mbamswissarmy.sys
[2011/04/04 22:25:41 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Malwarebytes' Anti-Malware
[2011/04/04 22:25:41 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Malwarebytes
[2011/04/04 22:25:38 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\\Windows\\SysNative\\drivers\\mbam.sys
[2011/04/04 22:25:38 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Malwarebytes' Anti-Malware
[2011/04/04 13:40:10 | 000,000,000 | ---D | C] -- C:\\ProgramData\\STOPzilla!
[2011/03/31 16:36:18 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Roaming\\Apple Computer
[2011/03/31 16:36:18 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Local\\Apple Computer
[2011/03/31 16:36:17 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\Documents\\My Barnes & Noble eBooks
[2011/03/31 13:20:21 | 000,000,000 | ---D | C] -- C:\\ProgramData\\PopCap Games
[2011/03/31 13:20:21 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\PopCap Games
[2011/03/30 19:57:50 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\Documents\\LOM_09
[2011/03/30 16:47:51 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\Tracing
[2011/03/30 16:47:47 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Roaming\\Windows Live Writer
[2011/03/30 16:47:47 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Local\\Windows Live Writer
[2011/03/30 16:46:16 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Local\\{929F23C1-B002-46D6-9B58-A096D8E4E7EA}
[2011/03/30 16:38:39 | 000,000,000 | ---D | C] -- C:\\Windows\\en
[2011/03/30 16:20:33 | 000,000,000 | ---D | C] -- C:\\Windows\\SysNative\\DRVSTORE
[2011/03/30 16:19:31 | 000,000,000 | ---D | C] -- C:\\Program Files\\Windows Live
[2011/03/30 16:15:52 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Local\\Windows Live
[2011/03/29 14:18:05 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Premium
[2011/03/29 14:18:05 | 000,000,000 | ---D | C] -- C:\\ProgramData\\InstallMate
[2011/03/29 14:09:46 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Free Quick Keylogger
[2011/03/29 14:09:46 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Free Quick Keylogger
[2011/03/29 14:09:42 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\WideStep Software
[2011/03/29 00:34:26 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Local\\Microsoft Help
[2011/03/29 00:34:26 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft Help
[2011/03/28 21:34:48 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office Starter (English)
[2011/03/27 15:01:21 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\Documents\\ou_tro_bien_pouw_ta_ap_dekouraje
[2011/03/27 14:35:25 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Photo Notifier and Animation Creator
[2011/03/27 14:35:25 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Photo Notifier and Animation Creator
[2011/03/27 14:34:24 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Local\\IM
[2011/03/27 14:34:09 | 000,000,000 | ---D | C] -- C:\\ProgramData\\IncrediMail
[2011/03/27 14:34:09 | 000,000,000 | ---D | C] -- C:\\ProgramData\\IM
[2011/03/23 14:23:18 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\Documents\\congratulations.asp_files
[2011/03/22 19:06:46 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Local\\ElevatedDiagnostics
[2011/03/22 00:18:06 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\Documents\\AVS4YOU
[2011/03/22 00:14:05 | 000,000,000 | ---D | C] -- C:\\ProgramData\\AVS4YOU
[2011/03/22 00:13:59 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Roaming\\AVS4YOU
[2011/03/22 00:13:40 | 000,000,000 | ---D | C] -- C:\\Users\\rosar\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\AVS4YOU
[2011/03/22 00:13:05 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\AVS4YOU
[2011/03/22 00:12:29 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Common Files\\AVSMedia
[2011/03/22 00:12:26 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\AVS4YOU

========== Files - Modified Within 30 Days ==========

[2011/04/20 19:19:09 | 000,000,286 | -H-- | M] () -- C:\\Windows\\tasks\\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/20 18:50:29 | 000,002,975 | ---- | M] () -- C:\\Users\\rosar\\Desktop\\HiJackThis.lnk
[2011/04/20 18:49:31 | 000,733,376 | ---- | M] () -- C:\\Windows\\SysNative\\PerfStringBackup.INI
[2011/04/20 18:49:31 | 000,628,764 | ---- | M] () -- C:\\Windows\\SysNative\\perfh009.dat
[2011/04/20 18:49:31 | 000,108,652 | ---- | M] () -- C:\\Windows\\SysNative\\perfc009.dat
[2011/04/20 18:46:18 | 000,067,584 | --S- | M] () -- C:\\Windows\\bootstat.dat
[2011/04/20 13:21:33 | 000,009,920 | -H-- | M] () -- C:\\Windows\\SysNative\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/20 13:21:33 | 000,009,920 | -H-- | M] () -- C:\\Windows\\SysNative\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/20 13:12:54 | 000,001,751 | ---- | M] () -- C:\\Users\\Public\\Desktop\\McAfee Internet Security Suite.lnk
[2011/04/20 13:12:18 | 000,000,300 | -HS- | M] () -- C:\\Windows\\tasks\\ZEKCGJMDVC.job
[2011/04/20 13:12:07 | 2360,852,480 | -HS- | M] () -- C:\\hiberfil.sys
[2011/04/19 12:47:20 | 000,000,064 | ---- | M] () -- C:\\Windows\\SysWow64\
p_stats.dat
[2011/04/19 12:47:20 | 000,000,044 | ---- | M] () -- C:\\Windows\\SysWow64\
p_rules.dat
[2011/04/16 23:34:12 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\\Windows\\SysNative\\drivers\\SBREDrv.sys
[2011/04/13 18:58:09 | 000,001,130 | ---- | M] () -- C:\\Users\\rosar\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Ad-Aware.lnk
[2011/04/13 18:58:09 | 000,001,106 | ---- | M] () -- C:\\Users\\Public\\Desktop\\Ad-Aware.lnk
[2011/04/13 18:51:49 | 000,000,967 | ---- | M] () -- C:\\Users\\rosar\\Desktop\\SpywareBlaster.lnk
[2011/04/12 22:09:04 | 000,002,265 | ---- | M] () -- C:\\Users\\rosar\\Documents\\My Movie.wlmp
[2011/04/12 21:19:45 | 000,002,789 | ---- | M] () -- C:\\Users\\rosar\\Documents\\me dancing.wlmp
[2011/04/11 21:01:03 | 000,015,872 | ---- | M] () -- C:\\Users\\rosar\\AppData\\Local\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/06 22:34:03 | 369,663,453 | ---- | M] () -- C:\\Windows\\MEMORY.DMP
[2011/04/06 13:28:23 | 000,432,410 | R--- | M] () -- C:\\Windows\\SysNative\\drivers\\etc\\hosts
[2011/04/06 13:20:00 | 000,001,246 | ---- | M] () -- C:\\Users\\rosar\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Spybot - Search & Destroy.lnk
[2011/04/04 22:25:41 | 000,001,073 | ---- | M] () -- C:\\Users\\Public\\Desktop\\Malwarebytes' Anti-Malware.lnk
[2011/04/04 14:14:35 | 000,000,976 | ---- | M] () -- C:\\Windows\\SysNative\\drivers\\kgpcpy.cfg
[2011/04/04 13:58:16 | 000,000,128 | ---- | M] () -- C:\\Windows\\SysNative\\drivers\\kgpfr2.cfg
[2011/04/04 13:49:58 | 000,000,860 | ---- | M] () -- C:\\Windows\\SysNative\\drivers\\etc\\hosts.20110406-132823.backup
[2011/04/02 02:19:08 | 000,091,136 | RHS- | M] () -- C:\\Windows\\SysWow64\\PkgMgrd.dll
[2011/04/01 00:22:02 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\\Windows\\SysNative\\drivers\\Lbd.sys
[2011/04/01 00:22:01 | 000,016,432 | ---- | M] () -- C:\\Windows\\SysNative\\lsdelete.exe
[2011/04/01 00:07:36 | 000,010,394 | -HS- | M] () -- C:\\Users\\rosar\\Desktop\\Folder.jpg
[2011/04/01 00:07:36 | 000,010,394 | -HS- | M] () -- C:\\Users\\rosar\\Desktop\\AlbumArt_{CF44EAFB-9D19-4618-85C5-254069A9913E}_Large.jpg
[2011/04/01 00:07:36 | 000,002,682 | -HS- | M] () -- C:\\Users\\rosar\\Desktop\\AlbumArtSmall.jpg
[2011/04/01 00:07:36 | 000,002,682 | -HS- | M] () -- C:\\Users\\rosar\\Desktop\\AlbumArt_{CF44EAFB-9D19-4618-85C5-254069A9913E}_Small.jpg
[2011/04/01 00:07:13 | 003,360,780 | ---- | M] () -- C:\\Users\\rosar\\Desktop\\Edit Piaff - Hymne a l'amour.mp3
[2011/04/01 00:06:26 | 000,039,592 | -HS- | M] () -- C:\\Users\\rosar\\Desktop\\AlbumArt_{ABD3F69C-1AD9-45D0-9CBF-5BD45A6C0A0D}_Large.jpg
[2011/04/01 00:06:26 | 000,008,362 | -HS- | M] () -- C:\\Users\\rosar\\Desktop\\AlbumArt_{ABD3F69C-1AD9-45D0-9CBF-5BD45A6C0A0D}_Small.jpg
[2011/04/01 00:05:39 | 000,013,442 | -HS- | M] () -- C:\\Users\\rosar\\Desktop\\AlbumArt_{C7960D7A-5614-45B8-81DE-EFACAF412CF0}_Large.jpg
[2011/04/01 00:05:39 | 000,002,963 | -HS- | M] () -- C:\\Users\\rosar\\Desktop\\AlbumArt_{C7960D7A-5614-45B8-81DE-EFACAF412CF0}_Small.jpg
[2011/03/31 13:20:28 | 000,001,277 | ---- | M] () -- C:\\Users\\Public\\Desktop\\Plants vs. Zombies.lnk
[2011/03/31 13:20:27 | 000,000,204 | ---- | M] () -- C:\\Users\\Public\\Desktop\\Play More Great Games!.url
[2011/03/27 23:48:04 | 000,006,063 | ---- | M] () -- C:\\Users\\rosar\\Documents\\My Movie..wlmp
[2011/03/27 23:45:32 | 000,001,592 | ---- | M] () -- C:\\Users\\rosar\\Desktop\\My Movie. - Shortcut.lnk
[2011/03/25 21:54:16 | 000,072,036 | ---- | M] () -- C:\\Users\\rosar\\Documents\\37187_157832247581677_100000647079714_329873_4210363_n.jpg
[2011/03/23 14:23:19 | 000,020,089 | ---- | M] () -- C:\\Users\\rosar\\Documents\\congratulations.asp.htm
[2011/03/22 21:26:21 | 000,002,052 | ---- | M] () -- C:\\Users\\rosar\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Mozilla Firefox.lnk
[2011/03/22 21:25:26 | 000,001,098 | ---- | M] () -- C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk
[2011/03/22 07:19:24 | 000,275,064 | ---- | M] () -- C:\\Windows\\SysNative\\FNTCACHE.DAT
[2011/03/22 00:48:50 | 000,356,928 | ---- | M] () -- C:\\Users\\rosar\\Documents\\me..vep
[2011/03/22 00:13:41 | 000,001,257 | ---- | M] () -- C:\\Users\\rosar\\Desktop\\AVS4YOU Software Navigator.lnk
[2011/03/22 00:13:05 | 000,001,165 | ---- | M] () -- C:\\Users\\rosar\\Desktop\\AVS Video Editor.lnk

========== Files Created - No Company Name ==========

[2011/04/20 18:50:29 | 000,002,975 | ---- | C] () -- C:\\Users\\rosar\\Desktop\\HiJackThis.lnk
[2011/04/19 12:47:20 | 000,000,064 | ---- | C] () -- C:\\Windows\\SysWow64\
p_stats.dat
[2011/04/19 12:47:20 | 000,000,044 | ---- | C] () -- C:\\Windows\\SysWow64\
p_rules.dat
[2011/04/13 21:37:37 | 000,016,432 | ---- | C] () -- C:\\Windows\\SysNative\\lsdelete.exe
[2011/04/13 18:58:09 | 000,001,130 | ---- | C] () -- C:\\Users\\rosar\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Ad-Aware.lnk
[2011/04/13 18:58:09 | 000,001,106 | ---- | C] () -- C:\\Users\\Public\\Desktop\\Ad-Aware.lnk
[2011/04/13 18:51:49 | 000,000,967 | ---- | C] () -- C:\\Users\\rosar\\Desktop\\SpywareBlaster.lnk
[2011/04/12 21:19:45 | 000,002,789 | ---- | C] () -- C:\\Users\\rosar\\Documents\\me dancing.wlmp
[2011/04/06 22:34:03 | 369,663,453 | ---- | C] () -- C:\\Windows\\MEMORY.DMP
[2011/04/06 13:20:00 | 000,001,246 | ---- | C] () -- C:\\Users\\rosar\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Spybot - Search & Destroy.lnk
[2011/04/04 22:25:41 | 000,001,073 | ---- | C] () -- C:\\Users\\Public\\Desktop\\Malwarebytes' Anti-Malware.lnk
[2011/04/04 13:58:16 | 000,000,128 | ---- | C] () -- C:\\Windows\\SysNative\\drivers\\kgpfr2.cfg
[2011/04/04 13:54:44 | 000,000,976 | ---- | C] () -- C:\\Windows\\SysNative\\drivers\\kgpcpy.cfg
[2011/04/02 02:19:08 | 000,091,136 | RHS- | C] () -- C:\\Windows\\SysWow64\\PkgMgrd.dll
[2011/04/02 02:19:08 | 000,000,300 | -HS- | C] () -- C:\\Windows\\tasks\\ZEKCGJMDVC.job
[2011/04/02 02:19:08 | 000,000,286 | -H-- | C] () -- C:\\Windows\\tasks\\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/01 00:07:36 | 000,010,394 | -HS- | C] () -- C:\\Users\\rosar\\Desktop\\AlbumArt_{CF44EAFB-9D19-4618-85C5-254069A9913E}_Large.jpg
[2011/04/01 00:07:36 | 000,002,682 | -HS- | C] () -- C:\\Users\\rosar\\Desktop\\AlbumArt_{CF44EAFB-9D19-4618-85C5-254069A9913E}_Small.jpg
[2011/04/01 00:06:26 | 000,039,592 | -HS- | C] () -- C:\\Users\\rosar\\Desktop\\AlbumArt_{ABD3F69C-1AD9-45D0-9CBF-5BD45A6C0A0D}_Large.jpg
[2011/04/01 00:06:26 | 000,008,362 | -HS- | C] () -- C:\\Users\\rosar\\Desktop\\AlbumArt_{ABD3F69C-1AD9-45D0-9CBF-5BD45A6C0A0D}_Small.jpg
[2011/04/01 00:05:39 | 000,013,442 | -HS- | C] () -- C:\\Users\\rosar\\Desktop\\AlbumArt_{C7960D7A-5614-45B8-81DE-EFACAF412CF0}_Large.jpg
[2011/04/01 00:05:39 | 000,010,394 | -HS- | C] () -- C:\\Users\\rosar\\Desktop\\Folder.jpg
[2011/04/01 00:05:39 | 000,002,963 | -HS- | C] () -- C:\\Users\\rosar\\Desktop\\AlbumArt_{C7960D7A-5614-45B8-81DE-EFACAF412CF0}_Small.jpg
[2011/04/01 00:05:39 | 000,002,682 | -HS- | C] () -- C:\\Users\\rosar\\Desktop\\AlbumArtSmall.jpg
[2011/03/31 13:20:28 | 000,001,277 | ---- | C] () -- C:\\Users\\Public\\Desktop\\Plants vs. Zombies.lnk
[2011/03/31 13:20:27 | 000,000,204 | ---- | C] () -- C:\\Users\\Public\\Desktop\\Play More Great Games!.url
[2011/03/30 16:32:22 | 000,001,269 | ---- | C] () -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Live Movie Maker.lnk
[2011/03/30 16:30:15 | 000,001,338 | ---- | C] () -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Live Photo Gallery.lnk
[2011/03/30 16:27:37 | 000,001,422 | ---- | C] () -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Live Mail.lnk
[2011/03/30 16:25:29 | 000,002,450 | ---- | C] () -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Live Messenger.lnk
[2011/03/27 23:45:32 | 000,001,592 | ---- | C] () -- C:\\Users\
osar\\Desktop\\My Movie. - Shortcut.lnk
[2011/03/27 23:40:36 | 000,006,063 | ---- | C] () -- C:\\Users\
osar\\Documents\\My Movie..wlmp
[2011/03/25 21:54:16 | 000,072,036 | ---- | C] () -- C:\\Users\
osar\\Documents\\37187_157832247581677_10000064707 9714_329873_4210363_n.jpg
[2011/03/23 14:23:18 | 000,020,089 | ---- | C] () -- C:\\Users\
osar\\Documents\\congratulations.asp.htm
[2011/03/22 21:25:26 | 000,001,110 | ---- | C] () -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Mozilla Firefox.lnk
[2011/03/22 00:48:49 | 000,356,928 | ---- | C] () -- C:\\Users\
osar\\Documents\\me..vep
[2011/03/22 00:13:41 | 000,001,257 | ---- | C] () -- C:\\Users\
osar\\Desktop\\AVS4YOU Software Navigator.lnk
[2011/03/22 00:13:05 | 000,001,165 | ---- | C] () -- C:\\Users\
osar\\Desktop\\AVS Video Editor.lnk
[2011/03/15 21:20:13 | 000,749,728 | ---- | C] () -- C:\\Windows\\SysWow64\\PerfStringBackup.INI
[2011/03/11 11:16:27 | 000,015,872 | ---- | C] () -- C:\\Users\
osar\\AppData\\Local\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/11 02:30:28 | 000,000,062 | ---- | C] () -- C:\\Windows\\wininit.ini
[2011/03/11 02:24:19 | 000,000,000 | ---- | C] () -- C:\\Windows\
sreg.dat
[2010/11/28 09:02:13 | 000,159,744 | ---- | C] () -- C:\\Windows\\SysWow64\\mssac-ocd.dll
[2010/10/17 02:05:46 | 000,206,208 | ---- | C] () -- C:\\Windows\\PLFSetI.exe
[2010/10/17 02:05:46 | 000,113,264 | ---- | C] () -- C:\\Windows\\FixUVC.exe
[2010/10/17 02:05:46 | 000,000,302 | ---- | C] () -- C:\\Windows\\PidList_C.ini
[2010/08/27 04:31:55 | 000,982,220 | ---- | C] () -- C:\\Windows\\SysWow64\\igkrng500.bin
[2010/08/27 04:31:54 | 000,439,300 | ---- | C] () -- C:\\Windows\\SysWow64\\igcompkrng500.bin
[2010/08/27 04:31:54 | 000,134,592 | ---- | C] () -- C:\\Windows\\SysWow64\\igfcg500.bin
[2010/08/27 04:31:54 | 000,092,216 | ---- | C] () -- C:\\Windows\\SysWow64\\igfcg500m.bin
[2009/10/27 15:33:49 | 000,009,851 | ---- | C] () -- C:\\Windows\\SysWow64\\mswan-oce.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\\Windows\\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\\Windows\\SysWow64\\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\\Windows\\SysWow64\\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\\Windows\\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\\Windows\\SysWow64\\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\\Windows\\SysWow64\\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\\Windows\\SysWow64\\mlang.dat

========== LOP Check ==========

[2011/03/11 02:08:55 | 000,000,000 | ---D | M] -- C:\\Users\
osar\\AppData\\Roaming\\Barnes & Noble
[2011/03/11 04:45:09 | 000,000,000 | ---D | M] -- C:\\Users\
osar\\AppData\\Roaming\\FloodLightGames
[2011/03/15 00:21:14 | 000,000,000 | ---D | M] -- C:\\Users\
osar\\AppData\\Roaming\\ManyCam
[2011/04/15 18:20:25 | 000,000,000 | ---D | M] -- C:\\Users\
osar\\AppData\\Roaming\\SoftGrid Client
[2011/03/19 18:55:55 | 000,000,000 | ---D | M] -- C:\\Users\
osar\\AppData\\Roaming\\SpinTop
[2011/03/15 21:21:33 | 000,000,000 | ---D | M] -- C:\\Users\
osar\\AppData\\Roaming\\TP
[2011/04/20 18:57:44 | 000,000,000 | ---D | M] -- C:\\Users\
osar\\AppData\\Roaming\\uTorrent
[2011/03/30 16:47:47 | 000,000,000 | ---D | M] -- C:\\Users\
osar\\AppData\\Roaming\\Windows Live Writer
[2011/04/13 15:45:26 | 000,032,632 | ---- | M] () -- C:\\Windows\\Tasks\\SCHEDLGU.TXT
[2011/04/20 13:12:18 | 000,000,300 | -HS- | M] () -- C:\\Windows\\Tasks\\ZEKCGJMDVC.job
[2011/04/20 19:19:09 | 000,000,286 | -H-- | M] () -- C:\\Windows\\Tasks\\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\\ProgramData\\Temp:5C321E34
@Alternate Data Stream - 186 bytes -> C:\\ProgramData\\Temp:8927A071
@Alternate Data Stream - 143 bytes -> C:\\ProgramData\\Temp:55422315
@Alternate Data Stream - 120 bytes -> C:\\ProgramData\\Temp:2F4A0A6B
< End of report >
post #6 of 27
Quote:
C:\\Windows\\PLFSetI.exe
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\ConduitEngine.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\ConduitEngine.dll
O10 - Unknown file in Winsock LSP: c:\\program files (x86)\\common files\\microsoft shared\\windows live\\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\\program files (x86)\\common files\\microsoft shared\\windows live\\wlidnsp.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/B...es/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/B.../armhelper.ocx
O23 - Service: @%SystemRoot%\\system32\\Alg.exe,-112 (ALG) - Unknown owner - C:\\Windows\\System32\\alg.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\\Program Files (x86)\\Launch Manager\\dsiwmis.exe
O23 - Service: @%SystemRoot%\\system32\\efssvc.dll,-100 (EFS) - Unknown owner - C:\\Windows\\System32\\lsass.exe (file missing)
O23 - Service: @%systemroot%\\system32\\fxsresm.dll,-118 (Fax) - Unknown owner - C:\\Windows\\system32\\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\\Program Files (x86)\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\\Windows\\System32\\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\\System32\\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)
O23 - Service: @%systemroot%\\system32\\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)
O23 - Service: @%systemroot%\\system32\\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\\Windows\\system32\\locator.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\samsrv.dll,-1 (SamSs) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\\Windows\\System32\\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\\system32\\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\\Windows\\System32\\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\\Windows\\system32\\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\\Windows\\system32\\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\vds.exe,-100 (vds) - Unknown owner - C:\\Windows\\System32\\vds.exe (file missing)
O23 - Service: @%systemroot%\\system32\\vssvc.exe,-102 (VSS) - Unknown owner - C:\\Windows\\system32\\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\\system32\\Wat\\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\\Windows\\system32\\Wat\\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\\system32\\wbengine.exe,-104 (wbengine) - Unknown owner - C:\\Windows\\system32\\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\\system32\\wbem\\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\\Windows\\system32\\wbem\\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\\Program Files (x86)\\Windows Media Player\\wmpnetwk.exe (file missing)
Bold jumped out at me. I haven't looked into it yet. Just a reference for others. I'll try to see what I can find.

Quote:
Originally Posted by Waffleboy View Post
Do you have any symptoms to describe? Nothing is really jumping out at me from the log, though I only gave it a skim. You should use something like DDS or OTL instead; HJT hasn't been updated in years.
It's still one of the best programs out there, man.
post #7 of 27
Quote:
Originally Posted by SIMPSONATOR View Post
Bold jumped out at me. I haven't looked into it yet. Just a reference for others. I'll try to see what I can find.
  • FNPLicensingService.exe is installed after you install Acrobat.
  • PLFSetI.exe is needed for Acer's webcam function.
  • ConduitEngine.dll is most likely a Trojan until proven otherwise. I've never seen that used before as a legitimate DLL.
  • wlidnsp.dll is needed for Windows Live.
  • stg_drm.ocx is a Spintop DRM control file.
  • armhelper.ocx is an ArmHelper Control process which belongs to ArmHelper Control from SpinTop.

Some more details on the ones you bolded
Edited by pjBSOD - 4/20/11 at 4:43pm
post #8 of 27
Sweet, bro
post #9 of 27
cool story bro
post #10 of 27
Quote:
Originally Posted by CrazzyRussian View Post
cool story bro