Infected?

[Trav]

Good Day,

Recently I tried updating my copy of "The Free FLV Converter" which resulted in the addition of several messy plugins that tried to redirect all traffic on this system. I've since managed to disable and remove plugin components, but unfortunately am uncertain whether something more malicious might have been added. At the moment I'm setting up my copy of Avast! to preform a boot time scan. If anyone could provide me any advice on how to address this problem after this scan I would be most grateful.

~Trav

EDIT(12/14/2011): The boot time scan succeeded but failed to find anything of note. However, I've noticed that several files have had their file types change (mostly vidoes) and my version of firefox has had it's search engines and default homepage changed. I revert them to the originals, but they seem to change every time I restart the machine.

EDIT THE SECOND(14/14/2011): It seems that all I need to do to get the described behavior from firefox is to restart it, not the entire computer system. I also discovered that the file changes were an expected result of a recent videoplayer I installed and shouldn't be of any concern. My big worry here is that this (whatever it is) is also screening my browsers for passwords. Any help in dealing with this problem would be highly appreciated

[screen317]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

[Trav]

Greetings,

I ran the MBAM quickscan and got the results posted below. I have tried running DDS twice, both times with my AV deactivated and my firewall down. Both times the scan hung at 20 minutes and I was forced to hard shutdown. Even more frightening, upon trying to get to this site via chrome on my last reset the machine suffered from a stop error. I've attached a stop error file report file in the event it is somehow relevant.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8197

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

11/19/2011 5:43:03 PM

mbam-log-2011-11-19 (17-43-03).txt

Scan type: Quick scan

Objects scanned: 182724

Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

report.html

[screen317]

Hi,

Try this instead:

Download OTL.exe by OldTimer to your Desktop.

• Close all windows and double click OTL.exe.
  
• Click Run Scan and let the program run uninterrupted.
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

[Trav]

OTL logfile created on: 11/27/2011 12:59:39 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Amun-Ra 13\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 60.00% Memory free

5.09 Gb Paging File | 3.78 Gb Available in Paging File | 74.23% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 50.60 Gb Free Space | 21.73% Space Free | Partition Type: NTFS

Drive E: | 690.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 1.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive H: | 590.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SEKHMET | User Name: Amun-Ra 13 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 12:53:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amun-Ra 13\Desktop\OTL.exe

PRC - [2011/10/02 05:15:02 | 001,700,752 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe

PRC - [2011/09/06 14:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2011/09/06 14:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/08/04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2011/06/23 14:54:51 | 000,490,112 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\real\realplayer\realplay.exe

PRC - [2011/06/23 14:54:41 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\real\realplayer\Update\realsched.exe

PRC - [2011/06/11 11:08:44 | 002,600,264 | ---- | M] (Mister Group) -- C:\Program Files\System Explorer\SystemExplorer.exe

PRC - [2011/03/24 02:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe

PRC - [2010/10/21 08:38:32 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe

PRC - [2010/10/21 08:38:32 | 002,953,584 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

PRC - [2010/10/21 08:38:32 | 001,153,392 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

PRC - [2010/10/21 08:38:32 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe

PRC - [2009/06/22 11:28:56 | 000,335,872 | ---- | M] (Dura Micro, Inc) -- C:\Program Files\AutoTask\AutoTask.exe

PRC - [2009/02/23 18:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe

PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/27 00:50:50 | 001,619,456 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112700\algo.dll

MOD - [2011/11/25 11:12:36 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112700\aswRep.dll

MOD - [2011/11/20 02:51:25 | 001,618,432 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112000\algo.dll

MOD - [2011/11/15 05:59:54 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112000\aswRep.dll

MOD - [2010/10/21 08:38:34 | 000,962,416 | ---- | M] () -- C:\Program Files\Tablet\Pen\libxml2.dll

MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2008/05/02 21:46:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/09/06 14:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/08/04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2010/10/26 10:07:58 | 004,060,752 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)

SRV - [2010/10/21 08:38:32 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)

SRV - [2010/10/21 08:38:32 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)

========== Driver Services (SafeList) ==========

DRV - [2011/09/06 14:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/09/06 14:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/09/06 14:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/09/06 14:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/09/06 14:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011/09/06 14:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011/09/06 14:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/11/02 20:36:10 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010/10/05 12:26:02 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV - [2010/10/05 12:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)

DRV - [2010/03/17 02:40:12 | 005,878,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/11/17 17:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009/11/17 17:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2008/07/31 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) NVIDIA Network Bus (by 3DP)

DRV - [2008/07/31 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)

DRV - [2007/04/30 04:11:04 | 000,004,224 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\REFILERW.SYS -- (REFILERW)

DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006/04/24 03:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)

DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/413

IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Searchqu Web Search"

FF - prefs.js..browser.search.defaultthis.engineName: " "

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.order.1: "Searchqu Web Search"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=135963"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6

FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo

FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1

FF - prefs.js..extensions.enabledItems: FirefoxAddon@similarWeb.com:1.2.06

FF - prefs.js..extensions.enabledItems: firefox@adhacker.com:0.7

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:3.1.5

FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=0&systemid=413&sr=0&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/11/08 02:44:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/09 03:00:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/09/08 07:12:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/23 14:55:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/22 13:06:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 12:47:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/16 16:31:55 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/22 13:06:25 | 000,000,000 | ---D | M]

[2011/11/09 17:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Amun-Ra 13\Application Data\Mozilla\Extensions

[2011/11/26 19:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Amun-Ra 13\Application Data\Mozilla\Firefox\Profiles\sor4tj3l.default\extensions

[2011/10/29 15:19:26 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Amun-Ra 13\Application Data\Mozilla\Firefox\Profiles\sor4tj3l.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2010/11/09 12:12:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Amun-Ra 13\Application Data\Mozilla\Firefox\Profiles\sor4tj3l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/11/19 17:06:20 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Amun-Ra 13\Application Data\Mozilla\Firefox\Profiles\sor4tj3l.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2011/10/08 12:01:07 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Amun-Ra 13\Application Data\Mozilla\Firefox\Profiles\sor4tj3l.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

[2011/11/11 12:06:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Amun-Ra 13\Application Data\Mozilla\Firefox\Profiles\sor4tj3l.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/05/13 21:15:34 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Documents and Settings\Amun-Ra 13\Application Data\Mozilla\Firefox\Profiles\sor4tj3l.default\extensions\DefaultManager@Microsoft

[2010/11/11 10:08:16 | 000,000,000 | ---D | M] (Ad Hacker) -- C:\Documents and Settings\Amun-Ra 13\Application Data\Mozilla\Firefox\Profiles\sor4tj3l.default\extensions\firefox@adhacker.com

[2011/11/26 19:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Amun-Ra 13\Application Data\Mozilla\Firefox\Profiles\sor4tj3l.default\extensions\staged

[2011/04/13 01:01:31 | 000,002,057 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Application Data\Mozilla\Firefox\Profiles\sor4tj3l.default\searchplugins\youtube-video-search.xml

[2011/11/12 12:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/11/19 21:02:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/05/21 09:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

() (No name found) -- C:\DOCUMENTS AND SETTINGS\AMUN-RA 13\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SOR4TJ3L.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\AMUN-RA 13\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SOR4TJ3L.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\AMUN-RA 13\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SOR4TJ3L.DEFAULT\EXTENSIONS\FIREFOXADDON@SIMILARWEB.COM.XPI

[2011/11/05 00:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2009/11/06 09:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2011/06/12 15:17:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009/11/06 09:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

[2011/11/04 21:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/09 16:50:19 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

[2011/11/04 21:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: WOT = C:\Documents and Settings\Amun-Ra 13\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.4_0\

CHR - Extension: TinEye Reverse Image Search = C:\Documents and Settings\Amun-Ra 13\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\

CHR - Extension: avast! WebRep = C:\Documents and Settings\Amun-Ra 13\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Amun-Ra 13\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

CHR - Extension: Skype Click to Call = C:\Documents and Settings\Amun-Ra 13\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (Bandoo Media, inc)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [AutoTask] C:\Program Files\AutoTask\AutoTask.exe (Dura Micro, Inc)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc)

O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()

O4 - HKCU..\Run: [systemExplorerAutoStart] C:\Program Files\System Explorer\SystemExplorer.exe (Mister Group)

O4 - Startup: C:\Documents and Settings\Amun-Ra 13\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.193.40 68.115.71.53 24.196.64.53

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E72B4C8-E076-432D-AF33-D02711C86F7A}: DhcpNameServer = 24.159.193.40 68.115.71.53 24.196.64.53

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) -C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) -C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Amun-Ra 13\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amun-Ra 13\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/04/22 18:39:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2000/01/06 15:35:04 | 000,000,049 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O32 - AutoRun File - [2009/10/01 18:15:21 | 000,000,000 | R--D | M] - F:\Autorun -- [ UDF ]

O32 - AutoRun File - [2007/06/10 22:25:04 | 000,263,744 | R--- | M] (Firaxis Games) - F:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2007/06/28 12:34:01 | 000,006,299 | R--- | M] () - F:\autorun.inf -- [ UDF ]

O32 - AutoRun File - [2002/03/07 11:55:00 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>) - H:\autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2003/07/01 08:35:28 | 000,000,049 | R--- | M] () - H:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2003/07/07 10:44:28 | 000,000,990 | R--- | M] () - H:\autorun.ini -- [ CDFS ]

O33 - MountPoints2\{32ad02d2-edd9-11e0-9322-001d7d9fce27}\Shell - "" = AutoRun

O33 - MountPoints2\{32ad02d2-edd9-11e0-9322-001d7d9fce27}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{32ad02d2-edd9-11e0-9322-001d7d9fce27}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O33 - MountPoints2\{6d910d45-0e41-11e0-90ae-001d7d9fce27}\Shell - "" = AutoRun

O33 - MountPoints2\{6d910d45-0e41-11e0-90ae-001d7d9fce27}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{6d910d45-0e41-11e0-90ae-001d7d9fce27}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O33 - MountPoints2\{7c997116-d25e-11df-bf33-001d7d9fce27}\Shell - "" = AutoRun

O33 - MountPoints2\{7c997116-d25e-11df-bf33-001d7d9fce27}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{7c997116-d25e-11df-bf33-001d7d9fce27}\Shell\AutoRun\command - "" = H:\Launcher.exe

O33 - MountPoints2\{f8ce27cb-e828-11df-b601-001d7d9fce27}\Shell - "" = AutoRun

O33 - MountPoints2\{f8ce27cb-e828-11df-b601-001d7d9fce27}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{f8ce27cb-e828-11df-b601-001d7d9fce27}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1999/10/29 10:11:12 | 000,032,768 | R--- | M] ()

O33 - MountPoints2\{f8ce27cf-e828-11df-b601-001d7d9fce27}\Shell - "" = AutoRun

O33 - MountPoints2\{f8ce27cf-e828-11df-b601-001d7d9fce27}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{f8ce27cf-e828-11df-b601-001d7d9fce27}\Shell\AutoRun\command - "" = H:\autorun.exe -- [2002/03/07 11:55:00 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>)

O33 - MountPoints2\{f8ce27d0-e828-11df-b601-001d7d9fce27}\Shell - "" = AutoRun

O33 - MountPoints2\{f8ce27d0-e828-11df-b601-001d7d9fce27}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{f8ce27d0-e828-11df-b601-001d7d9fce27}\Shell\AutoRun\command - "" = H:\panel.exe -SecondCD

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1999/10/29 10:11:12 | 000,032,768 | R--- | M] ()

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- [2007/06/10 22:25:04 | 000,263,744 | R--- | M] (Firaxis Games)

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/27 12:53:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amun-Ra 13\Desktop\OTL.exe

[2011/11/20 05:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\Start Menu\Programs\NirSoft BlueScreenView

[2011/11/20 05:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft

[2011/11/19 17:44:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Amun-Ra 13\Start Menu\Programs\Administrative Tools

[2011/11/19 17:43:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Amun-Ra 13\Desktop\dds.scr

[2011/11/09 23:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\My Documents\Freecorder

[2011/11/09 23:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\Local Settings\Application Data\FLVService

[2011/11/09 23:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Freecorder

[2011/11/09 23:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder

[2011/11/09 17:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\Start Menu\Programs\Revo Uninstaller

[2011/11/09 17:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\Application Data\searchqutoolbar

[2011/11/09 16:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar

[2011/11/09 16:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess

[2011/11/09 16:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\SearchCore for Browsers

[2011/11/08 13:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\Desktop\Magic The Gathering

[2011/10/29 18:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX

[2011/10/29 18:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\My Documents\Overlord

[2011/10/29 03:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\Local Settings\Application Data\CrashRpt

[2011/10/29 03:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow

[2011/10/29 03:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow

[2011/10/29 03:06:13 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll

[2011/10/29 03:06:13 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll

[2011/10/29 03:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL

[2011/10/29 03:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\My Documents\Grotesque-Tactics

[2011/10/29 02:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\Local Settings\Application Data\Painkiller Overdose

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/27 12:53:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amun-Ra 13\Desktop\OTL.exe

[2011/11/27 05:31:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/11/27 00:31:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/11/27 00:30:33 | 054,194,381 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\Japan, Kami_ The Gods of Shinto.mp4

[2011/11/23 17:30:26 | 000,402,742 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\MEANSGRAPH.bmp

[2011/11/23 17:26:05 | 000,350,074 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\Means.bmp

[2011/11/23 16:44:22 | 001,515,486 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\Test sample.bmp

[2011/11/22 17:38:54 | 010,232,907 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\TF2_ The Infamous Engie-Ninja.flv

[2011/11/21 10:11:05 | 000,645,325 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\1lERs.jpg

[2011/11/21 01:01:42 | 000,034,495 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\132184022153.jpg

[2011/11/20 21:16:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/11/20 19:33:57 | 000,025,418 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\PONY.jpg

[2011/11/20 05:49:08 | 000,003,732 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\report.html

[2011/11/20 05:47:15 | 000,129,813 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\bluescreenview_setup.exe

[2011/11/20 05:37:08 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-682003330-1035525444-725345543-1004.job

[2011/11/20 05:36:34 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2011/11/20 05:36:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/11/20 05:36:07 | 3489,189,888 | -HS- | M] () -- C:\hiberfil.sys

[2011/11/20 05:36:05 | 154,415,104 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2011/11/20 05:22:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/11/19 17:43:26 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Amun-Ra 13\Desktop\dds.scr

[2011/11/17 15:55:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-682003330-1035525444-725345543-1004.job

[2011/11/15 21:30:06 | 002,560,258 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\The Sun_ Page 3 - the woman you_d love your woman to be like.flv

[2011/11/14 16:58:18 | 000,006,535 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\illskillzazn+rolled+a+random+image+This+is+waht+you+get+_92b1d203286ae016bcf316ed37905cb7.jpg

[2011/11/12 15:01:36 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\My Documents\cc_20111112_150134.reg

[2011/11/12 14:41:56 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/11/12 12:47:28 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/11/12 12:47:28 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/11/11 17:35:41 | 057,723,659 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\The RSA.flv

[2011/11/09 17:24:13 | 000,023,062 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\My Documents\cc_20111109_172406.reg

[2011/11/08 17:57:29 | 000,035,100 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\August-04-2011-21-22-53-twistedvintageblogspotFirstPosts461x700214003580.jpeg

[2011/11/08 17:57:13 | 000,025,477 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\November-06-2011-03-06-46-tumblrlts27gb8oI1qadvboo11280.jpg

[2011/11/07 10:44:08 | 000,526,608 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/11/07 10:44:08 | 000,096,338 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/11/04 12:17:56 | 000,311,296 | ---- | M] (FLV.com) -- C:\WINDOWS\System32\TubeFinder.exe

[2011/10/31 12:15:56 | 000,029,769 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\rev3_fa_11.pdf

[2011/10/29 03:06:13 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll

[2011/10/29 03:06:13 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 00:29:20 | 054,194,381 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\Japan, Kami_ The Gods of Shinto.mp4

[2011/11/23 17:28:25 | 000,402,742 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\MEANSGRAPH.bmp

[2011/11/23 17:26:05 | 000,350,074 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\Means.bmp

[2011/11/23 16:44:22 | 001,515,486 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\Test sample.bmp

[2011/11/22 17:38:06 | 010,232,907 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\TF2_ The Infamous Engie-Ninja.flv

[2011/11/21 10:11:04 | 000,645,325 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\1lERs.jpg

[2011/11/21 01:01:41 | 000,034,495 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\132184022153.jpg

[2011/11/20 19:33:56 | 000,025,418 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\PONY.jpg

[2011/11/20 05:54:30 | 000,003,732 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\report.html

[2011/11/20 05:47:15 | 000,129,813 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\bluescreenview_setup.exe

[2011/11/15 21:30:02 | 002,560,258 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\The Sun_ Page 3 - the woman you_d love your woman to be like.flv

[2011/11/14 16:58:17 | 000,006,535 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\illskillzazn+rolled+a+random+image+This+is+waht+you+get+_92b1d203286ae016bcf316ed37905cb7.jpg

[2011/11/12 15:01:35 | 000,001,008 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\My Documents\cc_20111112_150134.reg

[2011/11/11 17:23:31 | 057,723,659 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\The RSA.flv

[2011/11/09 17:24:07 | 000,023,062 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\My Documents\cc_20111109_172406.reg

[2011/11/08 17:57:29 | 000,035,100 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\August-04-2011-21-22-53-twistedvintageblogspotFirstPosts461x700214003580.jpeg

[2011/11/08 17:57:13 | 000,025,477 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\November-06-2011-03-06-46-tumblrlts27gb8oI1qadvboo11280.jpg

[2011/10/31 12:17:25 | 000,029,769 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\rev3_fa_11.pdf

[2011/10/29 03:07:47 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/08/25 16:18:26 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\TwistedPNG.dll

[2011/08/25 16:18:26 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\TwistedTiff.DLL

[2011/08/22 13:01:33 | 000,208,153 | ---- | C] () -- C:\WINDOWS\hpoins43.dat

[2011/08/22 13:01:33 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat

[2011/08/21 15:05:14 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini

[2011/05/23 01:10:07 | 000,000,058 | ---- | C] () -- C:\WINDOWS\Shipsw.ini

[2011/03/20 00:05:54 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/03/20 00:05:52 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/03/20 00:05:52 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/03/20 00:05:45 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2011/03/20 00:04:32 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2010/12/23 12:39:04 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2010/12/14 14:34:54 | 000,000,125 | ---- | C] () -- C:\WINDOWS\FlashDecompiler.INI

[2010/11/29 21:47:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/13 12:06:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/11/08 02:10:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/11/04 19:50:12 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2010/11/04 19:29:24 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2010/11/04 18:12:53 | 000,817,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/10/07 16:03:53 | 000,000,943 | ---- | C] () -- C:\WINDOWS\TATCALL.INI

[2010/10/07 16:03:53 | 000,000,260 | ---- | C] () -- C:\WINDOWS\TATUNINS.INI

[2010/10/07 16:03:53 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TATVER.INI

[2010/10/07 16:03:30 | 000,004,224 | R--- | C] () -- C:\WINDOWS\System32\drivers\REFILERW.SYS

[2010/10/07 16:03:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\REDEMUNINS.INI

[2010/10/03 15:21:34 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat

[2010/07/04 10:39:48 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2010/06/13 19:23:48 | 000,075,776 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/11 06:56:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010/04/23 10:40:21 | 000,002,928 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2010/04/23 10:40:19 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2010/04/22 18:40:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/04/22 18:37:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/04/22 11:55:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/04/22 11:53:14 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008/05/02 21:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008/05/02 21:46:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2008/05/02 21:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008/05/02 21:46:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2008/05/02 21:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008/05/02 21:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008/05/02 21:46:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2008/05/02 21:46:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2008/05/02 21:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/14 06:00:00 | 000,526,608 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/14 06:00:00 | 000,096,338 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/14 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DED17083

< End of report >

[Trav]

OTL Extras logfile created on: 11/27/2011 12:59:39 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Amun-Ra 13\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 60.00% Memory free

5.09 Gb Paging File | 3.78 Gb Available in Paging File | 74.23% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 50.60 Gb Free Space | 21.73% Space Free | Partition Type: NTFS

Drive E: | 690.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 1.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive H: | 590.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SEKHMET | User Name: Amun-Ra 13 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"56797:TCP" = 56797:TCP:*:Enabled:Pando Media Booster

"56797:UDP" = 56797:UDP:*:Enabled:Pando Media Booster

"57349:TCP" = 57349:TCP:*:Enabled:Pando Media Booster

"57349:UDP" = 57349:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

"56797:TCP" = 56797:TCP:*:Enabled:Pando Media Booster

"56797:UDP" = 56797:UDP:*:Enabled:Pando Media Booster

"8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher

"8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher

"57349:TCP" = 57349:TCP:*:Enabled:Pando Media Booster

"57349:UDP" = 57349:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)

"C:\Documents and Settings\Amun-Ra 13\My Documents\Downloads\StarCraft_2_Beta_enUS.exe" = C:\Documents and Settings\Amun-Ra 13\My Documents\Downloads\StarCraft_2_Beta_enUS.exe:*:Enabled:Blizzard Downloader

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

"C:\Program Files\Steam\steamapps\travza\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\travza\team fortress 2\hl2.exe:*:Enabled:hl2

"C:\Program Files\Steam\steamapps\amunra13\opposing force\hl.exe" = C:\Program Files\Steam\steamapps\amunra13\opposing force\hl.exe:*:Enabled:Half-Life: Opposing Force -- (Valve)

"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)

"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)

"C:\Program Files\Steam\steamapps\common\mass effect\Binaries\MassEffect.exe" = C:\Program Files\Steam\steamapps\common\mass effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect

"C:\Program Files\Steam\steamapps\common\mass effect\docs\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\steamapps\common\mass effect\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect

"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)

"C:\Program Files\Steam\steamapps\common\oblivion\OblivionLauncher.exe" = C:\Program Files\Steam\steamapps\common\oblivion\OblivionLauncher.exe:*:Enabled:The Elder Scrolls IV: Oblivion -- (Bethesda Softworks)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Steam\steamapps\common\beyond good and evil\CheckApplication.exe" = C:\Program Files\Steam\steamapps\common\beyond good and evil\CheckApplication.exe:*:Enabled:Beyond Good & Evil -- (Ubisoft)

"C:\Program Files\Steam\steamapps\common\deus ex\System\DeusEx.exe" = C:\Program Files\Steam\steamapps\common\deus ex\System\DeusEx.exe:*:Enabled:Deus Ex: Game of the Year Edition

"C:\Program Files\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe" = C:\Program Files\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)

"C:\Program Files\Steam\steamapps\common\universe sandbox\Universe Sandbox.exe" = C:\Program Files\Steam\steamapps\common\universe sandbox\Universe Sandbox.exe:*:Enabled:Universe Sandbox -- (Universe Sandbox)

"C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe" = C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer -- (Activision Inc)

"C:\Program Files\Steam\steamapps\common\grotesque tactics\GrotesqueTactics.exe" = C:\Program Files\Steam\steamapps\common\grotesque tactics\GrotesqueTactics.exe:*:Enabled:Grotesque Tactics: Evil Heroes -- (Silent Dreams)

"C:\Program Files\Steam\steamapps\common\painkiller overdose\Bin\Overdose.exe" = C:\Program Files\Steam\steamapps\common\painkiller overdose\Bin\Overdose.exe:*:Enabled:Painkiller Overdose -- (Mindware Studios)

"C:\Program Files\Steam\steamapps\common\overlord\Overlord.exe" = C:\Program Files\Steam\steamapps\common\overlord\Overlord.exe:*:Enabled:Overlord -- (Triumph Studios)

"C:\Program Files\Steam\steamapps\common\overlord\Config.exe" = C:\Program Files\Steam\steamapps\common\overlord\Config.exe:*:Enabled:Overlord -- ()

"C:\Program Files\Steam\steamapps\common\Evil Genius\EvilGeniusLauncher.exe" = C:\Program Files\Steam\steamapps\common\Evil Genius\EvilGeniusLauncher.exe:*:Enabled:Evil Genius -- ()

"C:\Program Files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe" = C:\Program Files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:BioShock -- ()

"C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)

"C:\Program Files\Steam\steamapps\common\fallout new vegas\FalloutNVLauncher.exe" = C:\Program Files\Steam\steamapps\common\fallout new vegas\FalloutNVLauncher.exe:*:Enabled:Fallout: New Vegas -- (Bethesda Softworks, Obsidian Entertainment)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0A80329D-1B59-4F10-8D1D-924C59B2840B}" = ShufflePlusVLOI

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java 6 Update 20

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords

"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder

"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords

"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6

"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{B04B0C84-93F1-46F0-8990-D665A1DDC6A4}" = CC3 View

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C6A25E66-9B02-448F-91FB-B69CF822B819}" = Fate of the World

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4

"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX

"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform

"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

"7-Zip" = 7-Zip 9.20

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Audacity_is1" = Audacity 1.2.6

"AV Voice Changer Software 7.0" = AV Voice Changer Software 7.0

"avast" = avast! Free Antivirus

"CC3 View" = CC3 View

"CCleaner" = CCleaner

"CDisplay_is1" = CDisplay 1.8

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"Defraggler" = Defraggler

"Desktop Video Recorder_is1" = Desktop Video Recorder 3.0

"Deus Ex" = Deus Ex

"DivX Setup.divx.com" = DivX Setup

"DMX5_is1" = DriverMax 5

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ffdshow_is1" = ffdshow v1.1.3800 [2011-03-28]

"Freecorder5.07" = Freecorder 5

"FreshDevices - FreshDiagnose_is1" = FreshDiagnose

"FreshDevices - FreshUI_is1" = FreshUI

"gAlarm" = gAlarm

"Google Chrome" = Google Chrome

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Photo Creations" = HP Photo Creations

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"ips XP_is1" = ips XP 1.11.2600

"LAME for Audacity_is1" = LAME v3.98.3 for Audacity

"LogMeIn Hamachi" = LogMeIn Hamachi

"MagicDisc 2.7.106" = MagicDisc 2.7.106

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mount&Blade Warband" = Mount&Blade Warband

"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NirSoft BlueScreenView" = NirSoft BlueScreenView

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"OpenAL" = OpenAL

"Pen Tablet Driver" = Bamboo

"PerformanceTest 7_is1" = PerformanceTest v7.0

"RealPlayer 12.0" = RealPlayer

"Recuva" = Recuva

"Revo Uninstaller" = Revo Uninstaller 1.93

"SearchCore for Browsers" = SearchCore for Browsers

"Searchqu 413 MediaBar" = Windows Searchqu Toolbar

"Shop for HP Supplies" = Shop for HP Supplies

"Speccy" = Speccy

"ST5UNST #1" = Heaven & Earth

"ST6UNST #1" = Ships III for Windows

"Steam App 11450" = Overlord

"Steam App 1250" = Killing Floor

"Steam App 15130" = Beyond Good & Evil

"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™

"Steam App 220" = Half-Life 2

"Steam App 22330" = The Elder Scrolls IV: Oblivion

"Steam App 22380" = Fallout: New Vegas

"Steam App 240" = Counter-Strike: Source

"Steam App 3270" = Painkiller Overdose

"Steam App 3590" = Plants vs. Zombies: Game of the Year

"Steam App 3720" = Evil Genius

"Steam App 39800" = Nation Red

"Steam App 4000" = Garry's Mod

"Steam App 40800" = Super Meat Boy

"Steam App 42120" = Lead and Gold - Gangs of the Wild West

"Steam App 46450" = Grotesque Tactics: Evil Heroes

"Steam App 48000" = LIMBO

"Steam App 550" = Left 4 Dead 2

"Steam App 6910" = Deus Ex: Game of the Year Edition

"Steam App 72200" = Universe Sandbox

"Steam App 7670" = BioShock

"Steam App 8980" = Borderlands

"System Explorer_is1" = System Explorer 2.9.0

"ThiefGoldDeinstallKey" = Thief Gold

"Toshiba AutoTask" = Toshiba AutoTask

"VLC media player" = VLC media player 1.1.7

"VTFEdit_is1" = VTFEdit 1.2.5

"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin

"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin

"Warcraft III" = Warcraft III

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.8.7

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/19/2011 3:30:43 AM | Computer Name = SEKHMET | Source = Application Error | ID = 1000

Description = Faulting application officelivesignin.exe, version 2.0.2313.0, faulting

module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.

Error - 11/19/2011 7:05:42 PM | Computer Name = SEKHMET | Source = Application Error | ID = 1000

Description = Faulting application javaw.exe, version 6.0.260.3, faulting module

ntdll.dll, version 5.1.2600.6055, fault address 0x00012905.

Error - 11/19/2011 7:05:45 PM | Computer Name = SEKHMET | Source = Application Error | ID = 1001

Description = Fault bucket -1814050132.

Error - 11/20/2011 7:19:24 AM | Computer Name = SEKHMET | Source = Application Error | ID = 1000

Description = Faulting application acrord32.exe, version 10.1.1.33, faulting module

acrord32.dll, version 10.1.1.33, fault address 0x00021b12.

Error - 11/20/2011 7:19:26 AM | Computer Name = SEKHMET | Source = Application Error | ID = 1001

Description = Fault bucket -1688536257.

Error - 11/22/2011 2:58:26 AM | Computer Name = SEKHMET | Source = Application Error | ID = 1000

Description = Faulting application officelivesignin.exe, version 2.0.2313.0, faulting

module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.

Error - 11/22/2011 2:13:55 PM | Computer Name = SEKHMET | Source = Application Error | ID = 1000

Description = Faulting application officelivesignin.exe, version 2.0.2313.0, faulting

module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.

Error - 11/27/2011 2:30:43 AM | Computer Name = SEKHMET | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\AMUN-RA 13\DESKTOP\JAPAN, KAMI_

THE GODS OF SHINTO.MP4> in the hash map cannot be updated. Context: Application,

SystemIndex Catalog Details: A device attached to the system is not functioning.

(0x8007001f)

Error - 11/27/2011 2:30:44 AM | Computer Name = SEKHMET | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\AMUN-RA 13\DESKTOP\JAPAN, KAMI_

THE GODS OF SHINTO.MP4> in the hash map cannot be updated. Context: Application,

SystemIndex Catalog Details: A device attached to the system is not functioning.

(0x8007001f)

Error - 11/27/2011 2:54:11 PM | Computer Name = SEKHMET | Source = Application Error | ID = 1000

Description = Faulting application officelivesignin.exe, version 2.0.2313.0, faulting

module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.

[ System Events ]

Error - 11/16/2011 3:08:06 PM | Computer Name = SEKHMET | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 66.188.219.32 on

the Network Card with network address 001D7D9FCE27.

Error - 11/16/2011 3:08:15 PM | Computer Name = SEKHMET | Source = Dhcp | ID = 1001

Description = Your computer was not assigned an address from the network (by the

DHCP Server) for the Network Card with network address 001D7D9FCE27. The following

error occurred: %%1223. Your computer will continue to try and obtain an address

on its own from the network address (DHCP) server.

Error - 11/17/2011 12:33:19 PM | Computer Name = SEKHMET | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 66.188.219.32 on

the Network Card with network address 001D7D9FCE27.

Error - 11/18/2011 12:48:49 PM | Computer Name = SEKHMET | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 66.188.219.32 on

the Network Card with network address 001D7D9FCE27.

Error - 11/19/2011 2:44:33 PM | Computer Name = SEKHMET | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 66.188.219.32 on

the Network Card with network address 001D7D9FCE27.

Error - 11/21/2011 12:00:59 PM | Computer Name = SEKHMET | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 66.188.219.32 on

the Network Card with network address 001D7D9FCE27.

Error - 11/22/2011 12:32:40 PM | Computer Name = SEKHMET | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 66.188.219.32 on

the Network Card with network address 001D7D9FCE27.

Error - 11/23/2011 3:39:20 PM | Computer Name = SEKHMET | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 66.188.219.32 on

the Network Card with network address 001D7D9FCE27.

Error - 11/26/2011 4:37:50 PM | Computer Name = SEKHMET | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 66.188.219.32 on

the Network Card with network address 001D7D9FCE27.

Error - 11/27/2011 2:45:05 PM | Computer Name = SEKHMET | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 66.188.219.32 on

the Network Card with network address 001D7D9FCE27.

< End of report >

[screen317]

Hi,

My apologies for the extended delay.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

[shadowwar]

Unlocked at request of OP.

[Trav]

My apologies for the extended absence.

I've tried running combofix as per your request, but all three times I've attempted to run it the program hangs. I disabled my copy of Avast! and disabled the Windows Firewall, but neither action allowed me to run combofix. Recently Malwarebytes caught a few infected files, but the log for the infected files found seems to have gone missing.

I'm also noticing several BSOD errors, however I'm not sure those are related to any infections that might exist.

[screen317]

Hi,

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com (ensure that the Save As type is "All Files").

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall

See if it will run successfully now. Stop it after half an hour of no activity.

[Trav]

I attempted to run combofix as you directed, but for some reason I got a warning saying that Avast! antivirus was blocking the program from running it's script. How that is possible eludes me, seeing as the machine was running in safe mode and when I opened the task manager I didn't see an avast process. Furthermore, wasn't the /killall command supposed to terminate all non-essential processes?

Any advice you could provide would be appreciated.

[screen317]

Temporarily uninstall avast (disconnect from the Internet to be safe), then try again with a fresh copy of ComboFix.

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!