fleamour

Honorary Members
  • Posts: 59
  • Reputation: 0 Neutral
  1. Exactly that scenario. Just reporting buggy behaviour.
  2. Not blocked, just prevented web page loading properly, even with exceptions.
  3. fleamour

    Out of Memory

    Fail. InternalError: allocation size overflow when accessing following website under Linux; https://www.robotodyssey.online/#
  4. Thanks for your assistance, will donate you a couple of quid for a coffee! You forgot to mention Defogger!
  5. Turns out BitLocker is not only an expensive premium (?!?) feature. But also a resource hog. 7 Boots much faster without, keeps up with Ubuntu now.
  6. Mounted with Xubuntu live CD. Only weird folders is the randomly named ComboFix/GMER, however... ...Decrypted drive to mount with live CD & MBAM is now scanning!?! It must be a bug with BitLocker. I use BitLocker as supposedly makes life harder for hackers? Can you file a bug report? I am soooo relieved, will reload AV/anti spyware/FW & get on with life in the peace of mind that I'm not compromised! Case closed!!!
  7. My C drive is BitLocker encrypted which makes mounting with any live CD a no no. I can turn off encryption then mount a search for errant folder with spare Xubuntu live CD I have lying around?
  8. When you say "clean computer", I am not to build on infected PC? All my other OSs are Linux, although I can borrow a clean PC at a push, from a friend.
  9. Do you think I'm infected? Really disappointed with Windows if that is the case. Would hate to have to reinstall OS. I am not doing any internet banking just in case.
  10. SystemLook 04.09.10 by jpshortstuff Log created at 22:12 on 20/07/2011 by fleamour Administrator - Elevation successful ========== folderfind ========== Searching for "c:\wa*" No folders found. -= EOF =-
  11. Not even with show hidden & OS files checked.
  12. I installed Panda Cloud Antivirus right back when I installed Windows. I've also used their on-demand scanner recently. I do have XP Mode installed though hardly use it.
  13. Uninstalled ESET:
| 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe [2011/03/20 23:27:11 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys [2011/03/20 23:27:11 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys [2011/02/23 18:05:59 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011/02/23 18:03:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/01/11 15:33:52 | 000,168,557 | ---- | C] () -- C:\Windows\hphins33.dat [2011/01/05 13:26:23 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys [2011/01/05 09:25:58 | 000,000,942 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/11/22 23:48:08 | 000,000,600 | ---- | C] () -- C:\Users\fleamour\AppData\Roaming\winscp.rnd [2010/08/06 23:48:26 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat [2010/01/29 22:30:08 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 05:33:53 | 000,414,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/14 03:05:48 | 000,665,794 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/14 03:05:48 | 000,125,520 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () 
-- C:\Windows\System32\BWContextHandler.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini [2006/10/11 04:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS ========== Files - Unicode (All) ========== [2010/11/22 22:50:05 | 000,002,340 | ---- | M] ()(C:\Users\fleamour\Documents\omega?.con?tacts?.msn?.com) -- C:\Users\fleamour\Documents\omega​.con​tacts​.msn​.com [2010/11/22 22:50:05 | 000,002,340 | ---- | C] ()(C:\Users\fleamour\Documents\omega?.con?tacts?.msn?.com) -- C:\Users\fleamour\Documents\omega​.con​tacts​.msn​.com < End of report > Extras.Txt: OTL Extras logfile created on: 19/07/2011 22:34:27 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\fleamour\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.12 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 67.73% Memory free 6.24 Gb Paging File | 5.13 Gb Available in Paging File | 82.12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148.76 Gb Total Space | 69.55 Gb Free Space | 46.75% Space Free | Partition Type: NTFS Drive D: | 298.05 Mb Total Space | 256.16 Mb Free Space | 85.95% Space Free | Partition Type: NTFS Drive E: | 415.47 Gb Total Space | 62.55 Gb Free Space | 15.06% Space Free | Partition Type: NTFS Drive F: | 316.71 Gb Total Space | 223.56 Gb Free Space | 70.59% Space Free | Partition Type: NTFS Drive H: | 3.71 Gb Total Space | 3.11 Gb Free Space | 83.86% Space Free | Partition Type: FAT32 Computer Name: ASROCK | User Name: fleamour | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [hitmanpro] -- "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" "%1\" Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2 "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{13CD417D-F1F1-4AC4-945D-FDDEB884756F}" = Microsoft Baseline Security Analyzer 2.2 "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status "{343A1706-26A4-45EA-88CF-37CA172B0F27}" = D1600 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client "{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24 "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{57729BE1-DE2C-45DB-9FFA-5C1949679B3E}" = Watchtower Library 2010 - English "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = 
SolutionCenter "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007 "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver Software 14.0 Rel. 
6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0) "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C38D079C-950D-4F18-BF7B-CE58DE86D3BD}" = Image Resizer Powertoy Clone for Windows "{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo 
Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "7-Zip" = 7-Zip 4.65 "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "BullGuard Online Scanner" = BullGuard Online Scanner "CCleaner" = CCleaner "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "EasyBCD" = EasyBCD 2.0 "ESET Online Scanner" = ESET Online Scanner v3 "HashOnClick_is1" = HashOnClick "HitmanPro35" = Hitman Pro 3.5 "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Photo Creations" = HP Photo Creations "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1 "Mozilla Firefox 4.0 (x86 en-GB)" = Mozilla Firefox 4.0 (x86 en-GB) "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.2 "Rapport_msi" = Rapport "Shop for HP Supplies" = Shop for HP Supplies "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4 "Spotify" = Spotify "STANDARD" = 
Microsoft Office Standard 2007 "UBCD4Win_is1" = UBCD4Win 3.60 "WinLiveSuite" = Windows Live Essentials "winscp3_is1" = WinSCP 4.2.9 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3007608149-1695688726-1621582678-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14/07/2011 17:37:09 | Computer Name = ASRock | Source = VSS | ID = 12289 Description = Error - 14/07/2011 17:37:09 | Computer Name = ASRock | Source = VSS | ID = 12289 Description = Error - 15/07/2011 02:43:06 | Computer Name = ASRock | Source = Application Error | ID = 1000 Description = Faulting application name: 3qhipide.exe, version: 1.0.15.15640, time stamp: 0x4de220a0 Faulting module name: 3qhipide.exe, version: 1.0.15.15640, time stamp: 0x4de220a0 Exception code: 0xc0000005 Fault offset: 0x0000c676 Faulting process id: 0x10dc Faulting application start time: 0x01cc42ba1b9f5847 Faulting application path: C:\Users\fleamour\Desktop\3qhipide.exe Faulting module path: C:\Users\fleamour\Desktop\3qhipide.exe Report Id: b1ac52fd-aead-11e0-b262-00196670d7fe Error - 15/07/2011 08:06:31 | Computer Name = ASRock | Source = Application Error | ID = 1000 Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7 Faulting module name: HashOnClick.dll_unloaded, version: 0.0.0.0, time stamp: 0x499cfca0 Exception code: 0xc0000005 Fault offset: 0x08b08484 Faulting process id: 0x1c4 Faulting application start time: 0x01cc42e47c6f0db2 Faulting application path: C:\Windows\Explorer.EXE Faulting module path: HashOnClick.dll Report Id: e00b4a1f-aeda-11e0-b4e4-00196670d7fe Error - 15/07/2011 13:36:03 | Computer Name = ASRock | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\UBCD4Win\BartPE\PROGRAMS\Recuva\Recuva64.exe". 
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 15/07/2011 13:36:07 | Computer Name = ASRock | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\UBCD4Win\BartPE\PROGRAMS\spybot\DelZip179.dll".Error in manifest or policy file "c:\UBCD4Win\BartPE\PROGRAMS\spybot\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 15/07/2011 14:18:37 | Computer Name = ASRock | Source = Application Error | ID = 1000 Description = Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000374 Fault offset: 0x000c37b7 Faulting process id: 0x7c4 Faulting application start time: 0x01cc431b938c5530 Faulting application path: C:\Windows\system32\DllHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: db57e499-af0e-11e0-a098-00196670d7fe Error - 17/07/2011 19:05:24 | Computer Name = ASRock | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\UBCD4Win\BartPE\PROGRAMS\Recuva\Recuva64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 17/07/2011 19:05:27 | Computer Name = ASRock | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\UBCD4Win\BartPE\PROGRAMS\spybot\DelZip179.dll".Error in manifest or policy file "c:\UBCD4Win\BartPE\PROGRAMS\spybot\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. 
Error - 17/07/2011 19:05:40 | Computer Name = ASRock | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. [ System Events ] Error - 17/06/2011 11:04:00 | Computer Name = ASRock | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. Error - 17/06/2011 11:07:11 | Computer Name = ASRock | Source = DCOM | ID = 10010 Description = Error - 18/06/2011 13:17:01 | Computer Name = ASRock | Source = DCOM | ID = 10010 Description = Error - 26/06/2011 12:33:55 | Computer Name = ASRock | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. Error - 26/06/2011 12:41:43 | Computer Name = ASRock | Source = DCOM | ID = 10010 Description = Error - 28/06/2011 08:33:05 | Computer Name = ASRock | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. Error - 01/07/2011 07:12:26 | Computer Name = ASRock | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 
Error - 01/07/2011 07:38:07 | Computer Name = ASRock | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. Error - 01/07/2011 11:16:41 | Computer Name = ASRock | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. Error - 04/07/2011 09:08:38 | Computer Name = ASRock | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. < End of report >
  14. ESET will not let me manually bypass the warning & download the file, even with real-time protection turned off.
  15. I guess I can ignore this warning? Details: Web page: http://oldtimer.geekstogo.com/OTL.exe Description: Access to the web page was blocked by ESET NOD32 Antivirus. The web page is on the list of websites with potentially dangerous content. www.eset.com