Google Redirect and other.

Harn · September 30, 2010

Hi there, I've been having this issue for.... quite some time now, but essentially Google will often redirect me to some other search engine when i click on a result, and I will get new tabs opening up at random to various search engines, usually giving me a [search engine] cannot find [whatever it is I last searched for on Google], which I close immediately.

And on occasion my computer will pretty much slow down to a snails pace, and my start bar will lock up, and I will be unable to open any new programs, forcing me to reboot my computer. Sometimes i'll go all day without this issue, other times I'll have to reboot several times within minutes of each other. Possibly related to this is that maybe 1/20 times when I shut down my computer, I get a little window that says iexplorer.exe is waiting to close' with a little bar going across, and when it finishes, the computer just freezes, won't shut down at all.

I've got Norton Antivirus 2010 on my computer [a purchase i regret, as it seems that tracking cookies are the only thing it's capable of dealing with], it claims everything is clean, and Malwarebytes also claims that everything is clean.

Oh, maybe I'll bring it up here too, not really any harm in doing so, just in case, I downloaded a game, but it claims it requires and administer to provide write access to its own directory to install, the issue being that I am the administer, so it shouldn't be asking me to get my own permission to do it's thing. so I was wondering if that may mean there's something in my computer undermining my authority, as it were. [i'm not looking for help with this unless you think it's a virus buggering around, if it's just my comp being weird, that's fine]

Elise · September 30, 2010

Hello ,

And My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
- This is THE Mirror
[*]Save it to your desktop.
[*]Double click on the icon on your desktop.
[*]Click the "Scan All Users" checkbox.
[*]Push the Quick Scan button.
[*]Two reports will open, copy and paste them in a reply here:
- OTListIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

Double-click on RKUnhookerLE to run it
Click the Report tab, then click Scan
Check Drivers, Stealth and uncheck the rest
Click OK
Wait until it's finished and then go to File > Save Report
Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

A detailed description of your problems
A new OTL log (don't forget extra.txt)
RKU log

Thanks and again sorry for the delay.

Harn · October 1, 2010

Hey, thanks for being willing to help me.

Anyhow, straight to business, the logs for that OTL and rootkit things,

First off the one labeled OTL.txt

-

OTL logfile created on: 30/09/2010 8:04:10 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 177.95 Gb Free Space | 76.41% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: R2D2-70EE716B7A

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/30 20:01:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

PRC - [2010/09/29 22:06:48 | 001,704,448 | ---- | M] (Curse) -- C:\Documents and Settings\Owner\Local Settings\Apps\2.0\KAMVVBH5.OX7\A8V3OXV6.YM0\curs..tion_eee711038731a406_0004.0000_1829574d2128b108\CurseClient.exe

PRC - [2010/09/17 16:17:01 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/09/17 16:16:56 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/07/23 01:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe

PRC - [2010/04/20 22:55:35 | 002,938,552 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe

PRC - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe

PRC - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe

PRC - [2010/01/07 14:38:08 | 000,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe

PRC - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

PRC - [2009/08/13 19:02:34 | 000,357,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

PRC - [2009/08/13 18:59:22 | 003,161,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

PRC - [2009/08/13 18:38:34 | 000,498,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe

PRC - [2009/08/13 18:38:26 | 000,473,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe

PRC - [2009/08/13 18:37:56 | 001,573,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

PRC - [2009/08/13 18:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe

PRC - [2009/08/13 18:37:34 | 000,523,784 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe

PRC - [2009/08/13 18:37:24 | 000,676,360 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe

PRC - [2008/09/25 10:43:54 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe

PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe

PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

PRC - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE

PRC - [2007/09/12 18:27:24 | 000,623,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007/06/28 17:10:00 | 001,175,552 | ---- | M] () -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe

========== Modules (SafeList) ==========

MOD - [2010/09/30 20:01:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll

MOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll

MOD - [2008/05/02 03:38:54 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll

MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/09/22 22:16:00 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)

SRV - [2010/07/23 01:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe -- (NAV)

SRV - [2010/06/17 11:39:57 | 003,505,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)

SRV - [2010/03/19 23:29:39 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/01/07 14:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)

SRV - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)

SRV - [2008/09/25 10:43:54 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)

SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Nexon\MapleStory\npkcusb.sys -- (npkcusb)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)

DRV - [2010/09/28 22:58:15 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20100929.021\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/09/28 22:58:15 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20100929.021\NAVENG.SYS -- (NAVENG)

DRV - [2010/09/22 21:13:34 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2010/09/03 14:57:18 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2010/08/31 18:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20100901.003\BHDrvx86.sys -- (BHDrvx86)

DRV - [2010/07/28 23:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMEFA.SYS -- (SymEFA)

DRV - [2010/07/28 22:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1201000.025\SRTSP.SYS -- (SRTSP)

DRV - [2010/07/28 22:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2010/07/12 21:20:22 | 000,369,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMTDI.SYS -- (SYMTDI)

DRV - [2010/06/27 00:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\Ironx86.SYS -- (SymIRON)

DRV - [2010/06/27 00:05:05 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20100929.001\IDSXpx86.sys -- (IDSxpx86)

DRV - [2010/06/26 11:56:55 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2010/06/13 06:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMDS.SYS -- (SymDS)

DRV - [2010/01/07 14:22:02 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)

DRV - [2009/07/14 16:35:30 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV - [2008/08/21 00:52:41 | 003,299,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2008/02/24 14:27:00 | 000,037,376 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)

DRV - [2007/08/10 01:52:44 | 004,603,904 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)

DRV - [2006/04/10 14:02:00 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)

DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-682003330-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-682003330-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1

FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2010/09/22 21:18:57 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/22 20:45:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 16:17:10 | 000,000,000 | ---D | M]

[2010/09/08 22:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2009/12/20 00:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2010/09/29 23:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nhjdf7av.default\extensions

[2010/09/08 23:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nhjdf7av.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}

[2010/09/12 15:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nhjdf7av.default\extensions\personas@christopher.beard

[2010/09/29 23:15:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/15 20:44:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/18 12:52:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-343818398-682003330-1801674531-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-343818398-682003330-1801674531-1003..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found

O4 - HKU\S-1-5-21-343818398-682003330-1801674531-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found

O4 - HKU\S-1-5-21-343818398-682003330-1801674531-1003..\Run: [MyCleanPC Registry Cleaner] C:\Program Files\CyberDefender\Registry Scanner\CDregclean.exe File not found

O4 - HKU\S-1-5-21-343818398-682003330-1801674531-1003..\Run: [NCsoft Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe File not found

O4 - HKU\S-1-5-21-343818398-682003330-1801674531-1003..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-343818398-682003330-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/09/24 03:17:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/25 02:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DivX Movies

[2010/09/22 21:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Symantec

[2010/09/22 21:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton

[2010/09/22 19:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2010/09/08 22:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes

[2010/09/08 22:59:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/09/08 22:59:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/09/08 22:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/09/08 22:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/09/03 18:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities

[2010/09/03 18:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities

[2010/09/03 14:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific

[2010/08/30 00:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0

[2010/08/30 00:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.thumbnails

[2010/08/30 00:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.gimp-2.6

[2010/08/30 00:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0

[2010/08/28 22:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Media Player Classic

[2010/08/28 22:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack

[2010/08/28 22:18:30 | 006,238,105 | ---- | C] (CCCP Project ) -- C:\Documents and Settings\Owner\My Documents\Combined-Community-Codec-Pack-2009-09-09.exe

[2010/08/18 12:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/08/09 22:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\NeroVision

[2010/08/02 15:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2010/07/25 14:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\WiFiConnector

[2010/07/15 20:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/07/09 20:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/07/09 20:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/30 19:59:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/09/30 19:58:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/09/30 19:58:47 | 000,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap

[2010/09/30 04:11:20 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat

[2010/09/30 04:11:03 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini

[2010/09/29 22:07:17 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Curse Client.appref-ms

[2010/09/28 22:37:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/09/27 01:55:29 | 004,845,648 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db

[2010/09/26 00:09:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/09/23 01:04:37 | 000,000,069 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/09/22 21:17:00 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK

[2010/09/22 21:14:58 | 000,562,490 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Cat.DB

[2010/09/22 21:13:34 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS

[2010/09/22 21:13:34 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL

[2010/09/22 21:13:34 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT

[2010/09/22 21:13:34 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

[2010/09/15 21:25:52 | 000,015,693 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel

[2010/09/12 00:36:38 | 244,139,488 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\[EROBEAT]_Onmyouji_-_Youen_Emaki_-_02_[x264][6B940FF3].mp4

[2010/09/08 22:59:43 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/08 22:52:07 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/09/08 22:52:06 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/09/08 16:50:56 | 294,850,886 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\[A-FanRips]_Kaibutsu_Oujo_-_02_[H264_AC3]_[824AE813].mkv

[2010/09/07 21:21:10 | 294,490,630 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\[A-FanRips]_Kaibutsu_Oujo_-_01_[H264_AC3]_[8E6370E8].mkv

[2010/09/06 02:25:15 | 244,347,215 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Princess_Knight_Catue_-_01_[x264][9C17281F].mp4

[2010/08/30 13:51:05 | 000,082,554 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Eva2.gif

[2010/08/30 00:57:36 | 000,001,397 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\DivX Movies.lnk

[2010/08/28 22:18:40 | 006,238,105 | ---- | M] (CCCP Project ) -- C:\Documents and Settings\Owner\My Documents\Combined-Community-Codec-Pack-2009-09-09.exe

[2010/08/27 23:13:41 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/27 17:58:20 | 000,000,023 | -H-- | M] () -- C:\WINDOWS\BlendSettings.ini

[2010/08/20 21:13:26 | 001,158,242 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\24715_145.jpg

[2010/08/20 21:11:20 | 001,579,339 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\12616849.jpg

[2010/08/17 18:20:10 | 000,015,400 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/08/17 18:18:49 | 001,983,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/08/17 02:21:53 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\isolate.ini

[2010/07/28 23:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.sys

[2010/07/28 23:33:04 | 000,007,444 | R--- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.cat

[2010/07/28 23:33:04 | 000,003,373 | R--- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.inf

[2010/07/28 22:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.sys

[2010/07/28 22:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.sys

[2010/07/28 22:54:36 | 000,007,442 | R--- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.cat

[2010/07/28 22:54:36 | 000,007,438 | R--- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.cat

[2010/07/28 22:54:36 | 000,001,389 | R--- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.inf

[2010/07/28 22:54:36 | 000,001,383 | R--- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.inf

[2010/07/25 14:56:45 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Registration Tool.lnk

[2010/07/21 21:27:14 | 000,007,787 | R--- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symnetv.cat

[2010/07/21 21:27:14 | 000,007,446 | R--- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNet.cat

[2010/07/12 21:20:22 | 000,369,072 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symtdi.sys

[2010/07/12 21:20:21 | 000,294,448 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symnets.sys

[2010/07/12 21:20:20 | 000,331,312 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symtdiv.sys

[2010/07/12 21:20:00 | 000,001,473 | R--- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNetV.inf

[2010/07/12 21:20:00 | 000,001,445 | R--- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNet.inf

[2010/07/12 20:50:50 | 000,007,438 | R--- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\iron.cat

[2010/07/09 20:09:39 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/07/06 20:30:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2010/07/04 17:47:22 | 000,711,472 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2

[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/26 17:00:26 | 003,397,838 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-18-Boss_Battle.mp3

[2010/09/26 17:00:25 | 028,633,974 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-17-FF_Battle_Medley.mp3

[2010/09/26 17:00:25 | 006,069,386 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-15-The_Prelude.mp3

[2010/09/26 17:00:25 | 003,785,241 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-16-Ending_Theme.mp3

[2010/09/26 17:00:24 | 007,576,133 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-14-Kiss_Me_Goodbye.mp3

[2010/09/26 17:00:24 | 006,538,567 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-13-1000_Words.mp3

[2010/09/26 17:00:23 | 009,699,371 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-12-Every_Heart.mp3

[2010/09/26 17:00:23 | 004,826,981 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-09-Korobeiniki.mp3

[2010/09/26 17:00:23 | 004,693,252 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-10-Bratja.mp3

[2010/09/26 17:00:23 | 004,217,868 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-11-Dr_Wilys.mp3

[2010/09/26 17:00:22 | 007,833,178 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-01-Scars_Of_Time.mp3

[2010/09/26 17:00:22 | 007,076,674 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-08-Vamo'alla_Flamenco.mp3

[2010/09/26 17:00:22 | 006,958,602 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-07-Sadness_And_Sorrow.mp3

[2010/09/26 17:00:22 | 005,847,875 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-04-Cruel_Angels_Thesis.mp3

[2010/09/26 17:00:22 | 003,986,895 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-02-Tank.mp3

[2010/09/26 17:00:22 | 002,881,420 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-06-Battle_With_Magus.mp3

[2010/09/26 17:00:22 | 002,876,180 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-03-Athletes_Rag.mp3

[2010/09/26 17:00:22 | 002,545,994 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Piano_Squall-05-Frogs_Theme.mp3

[2010/09/22 21:17:00 | 000,001,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK

[2010/09/16 05:07:03 | 244,139,488 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\[EROBEAT]_Onmyouji_-_Youen_Emaki_-_02_[x264][6B940FF3].mp4

[2010/09/15 21:25:52 | 000,015,693 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel

[2010/09/10 01:23:49 | 244,347,215 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Princess_Knight_Catue_-_01_[x264][9C17281F].mp4

[2010/09/09 01:18:23 | 001,579,339 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\12616849.jpg

[2010/09/09 01:18:23 | 001,158,242 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\24715_145.jpg

[2010/09/09 01:18:23 | 000,700,503 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Konachan.com---74574-kurono_kurumu-rosariovampire-shirayuki_mizore.jpg

[2010/09/09 01:18:23 | 000,454,566 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1 (10).jpg

[2010/09/08 22:59:43 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/08 22:52:06 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/09/08 22:52:06 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/09/08 16:42:27 | 294,850,886 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\[A-FanRips]_Kaibutsu_Oujo_-_02_[H264_AC3]_[824AE813].mkv

[2010/09/07 21:14:20 | 294,490,630 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\[A-FanRips]_Kaibutsu_Oujo_-_01_[H264_AC3]_[8E6370E8].mkv

[2010/08/30 00:59:54 | 000,082,554 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Eva2.gif

[2010/07/25 14:56:45 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Registration Tool.lnk

[2010/07/06 20:30:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2010/07/06 20:30:09 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Curse Client.appref-ms

[2010/05/29 22:21:36 | 000,000,274 | -H-- | C] () -- C:\WINDOWS\ACTIVEJP.INI

[2010/05/27 04:18:15 | 000,008,192 | -HS- | C] () -- C:\Program Files\Thumbs.db

[2010/05/14 16:32:45 | 000,006,064 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\c03a1910ab4c98b8fe52989672e7ed28-i686.cache-2

[2010/05/11 17:09:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat

[2010/05/03 17:19:24 | 000,001,543 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini

[2010/01/23 12:19:36 | 000,254,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009/12/23 00:28:36 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat

[2009/07/08 20:38:41 | 000,711,472 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2

[2009/06/12 16:00:39 | 000,000,023 | -H-- | C] () -- C:\WINDOWS\BlendSettings.ini

[2009/04/20 14:50:36 | 000,008,591 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate

[2009/03/18 15:17:47 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/02/12 16:56:26 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/11/26 20:01:32 | 000,000,262 | -H-- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2008/09/24 03:28:13 | 000,013,260 | -H-- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2008/09/24 03:28:12 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2008/09/24 03:28:02 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2005/06/18 11:00:52 | 000,070,018 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll

========== LOP Check ==========

[2010/06/26 11:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/09/11 02:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData

[2009/04/21 14:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2010/04/26 15:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS

[2010/08/26 21:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2010/06/26 12:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/12/20 00:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010/03/17 01:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft

[2010/05/10 11:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9

[2008/11/15 04:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameComm

[2010/01/31 20:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2010/09/15 21:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0

[2009/01/10 14:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech

[2010/03/31 08:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ringtone

[2009/07/09 18:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SPORE

[2010/04/22 23:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab

[2010/09/03 14:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific

[2009/12/23 00:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turbine

[2010/02/19 02:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\vghd

[2008/09/24 20:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search

[2009/03/23 12:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

-

Second the Extra.txt

-

OTL Extras logfile created on: 30/09/2010 8:04:10 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 177.95 Gb Free Space | 76.41% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: R2D2-70EE716B7A

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-343818398-682003330-1801674531-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"58092:TCP" = 58092:TCP:*:Enabled:Pando Media Booster

"58092:UDP" = 58092:UDP:*:Enabled:Pando Media Booster

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service

"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"57029:TCP" = 57029:TCP:*:Enabled:Pando Media Booster

"57029:UDP" = 57029:UDP:*:Enabled:Pando Media Booster

"58710:TCP" = 58710:TCP:*:Enabled:Pando Media Booster

"58710:UDP" = 58710:UDP:*:Enabled:Pando Media Booster

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"58092:TCP" = 58092:TCP:*:Enabled:Pando Media Booster

"58092:UDP" = 58092:UDP:*:Enabled:Pando Media Booster

"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10244:TCP" = 10244:TCP:LocalSubNet:Disabled:Zune Network Sharing Service

"10285:UDP" = 10285:UDP:LocalSubNet:Disabled:Zune Network Sharing Service

"10286:UDP" = 10286:UDP:LocalSubNet:Disabled:Zune Network Sharing Service

"10287:UDP" = 10287:UDP:LocalSubNet:Disabled:Zune Network Sharing Service

"10288:UDP" = 10288:UDP:LocalSubNet:Disabled:Zune Network Sharing Service

"10289:UDP" = 10289:UDP:LocalSubNet:Disabled:Zune Network Sharing Service

"1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface

"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Installation\Setupx.exe" = D:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found

"C:\Program Files\Electronic Arts\Warhammer Online - Age of Reckoning\warpatch.exe" = C:\Program Files\Electronic Arts\Warhammer Online - Age of Reckoning\warpatch.exe:*:Enabled:Warhammer Online - Age of Reckoning -- (Mythic Entertainment, an EA Studio)

"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()

"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()

"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Disabled:Blizzard Downloader -- File not found

"C:\Documents and Settings\Owner\My Documents\Downloads\1280_StarCraft2GameplayVideo_EnglishUS2-avi-downloader.exe" = C:\Documents and Settings\Owner\My Documents\Downloads\1280_StarCraft2GameplayVideo_EnglishUS2-avi-downloader.exe:*:Disabled:Blizzard Downloader -- File not found

"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Disabled:Blizzard Launcher -- File not found

"C:\Program Files\Turbine\DDO Unlimited\dndclient.exe" = C:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Disabled:dndclient -- File not found

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)

"C:\WINDOWS\LMI122.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI122.tmp\lmi_rescue.exe:*:Disabled:LogMeIn Rescue -- File not found

"c:\documents and settings\owner\local settings\application data\asam.exe" = c:\documents and settings\owner\local settings\application data\asam.exe:*:Disabled:enable -- File not found

"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Disabled:Nexon Game Manager -- (Nexon)

"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III -- (Blizzard Entertainment)

"C:\Program Files\WiFiConnector\NintendoWFCReg.exe" = C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector -- ()

"C:\Documents and Settings\Owner\Local Settings\Apps\2.0\KAMVVBH5.OX7\A8V3OXV6.YM0\curs..tion_eee711038731a406_0004.0000_1829574d2128b108\CurseClient.exe" = C:\Documents and Settings\Owner\Local Settings\Apps\2.0\KAMVVBH5.OX7\A8V3OXV6.YM0\curs..tion_eee711038731a406_0004.0000_1829574d2128b108\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0A7FBF0B-F96C-B34F-7627-0F93C9A8FABD}" = Skins

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 21

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{554E0167-0B53-B866-9512-44B766FABAAF}" = ccc-utility

"{55574205-0833-A7A2-FD0D-D1520E5469DD}" = CCC Help English

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6A4C13C8-39F5-305C-44DE-CD26E1DE0DD6}" = Catalyst Control Center Graphics Full New

"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133

"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.® L1 Gigabit Ethernet Driver

"{74344F10-34CA-480E-BD02-B3F4FA692BFA}" = File Viewer Utility 1.3.1

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{82E760D8-F344-3DE4-134D-2D782E31AACF}" = Catalyst Control Center Core Implementation

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E72B982-D54F-486F-B35A-C24B6F171033}" = Nero 7 Essentials

"{91BFB889-7BDE-E3BB-A622-068DB5202B0F}" = Catalyst Control Center Graphics Previews Common

"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D622363-9235-E8F0-380C-D9114D77FB52}" = ccc-core-static

"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE

Harn · October 1, 2010