SystemDir Regedit & Explorer How to fix Malware?


Post by axelrose on Thu 08 Jul 2010, 8:33 am

I scanned with BAZOOKA scanner after having my Email account hijacked a few times and had to change my password.

The Bazooka scan said
systemdir.explorer
systemdir.edgedit

were infected and serious.

I've been told to simply delete the regedit.exe & explorer.exe that are in the SYSTEM folder, since the WINDOWS folder is the legitimate location for both files.

Using OS Windows 7 home premium 64 bit edition

Here is all the information this board's FAQ told me to include

OTL Log 1st

OTL logfile created on: 7/7/2010 5:17:55 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\Crackles\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 81.00 Gb Free Space | 67.99% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 83.49 Gb Free Space | 28.01% Space Free | Partition Type: NTFS
Drive E: | 76.33 Gb Total Space | 23.79 Gb Free Space | 31.17% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 194.00 Mb Total Space | 166.85 Mb Free Space | 86.00% Space Free | Partition Type: FAT32

Computer Name: BOBBY
Current User Name: Crackles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/07 14:19:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Crackles\Desktop\OTL.exe
PRC - [2010/05/18 17:04:46 | 003,021,720 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:14 | 000,305,152 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/17 16:03:11 | 000,296,960 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NetMeter114beta_4.exe
PRC - [2009/11/25 09:24:14 | 004,009,592 | ---- | M] (Almico Software ([You must be registered and logged in to see this link.] -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2004/01/06 05:57:30 | 000,660,992 | ---- | M] (Think Less Do More Services) -- C:\Program Files (x86)\AvaFind\AvaFind.exe


========== Modules (SafeList) ==========

MOD - [2010/07/07 14:19:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Crackles\Desktop\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/07 13:02:48 | 000,125,440 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/11/16 10:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/22 09:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/27 22:01:44 | 000,062,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/03 19:22:52 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/11/16 10:07:10 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/11/16 10:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/11/16 09:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/09/15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/27 02:23:54 | 000,019,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/09/17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2007/06/08 08:06:36 | 000,276,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmdcap.sys -- (U6000ALL) HDTV110 TV Box(ALL)
DRV:64bit: - [2007/04/09 11:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2009/12/17 02:10:34 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 66 A6 C2 33 88 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "[You must be registered and logged in to see this link.]
FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "[You must be registered and logged in to see this link.]
FF - prefs.js..browser.startup.homepage: "http://www.drudgereport.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0.3
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0.0
FF - prefs.js..extensions.enabledItems: {89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.5.10.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.4.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.8.8
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
FF - prefs.js..extensions.enabledItems: {eb46c787-131a-4eb7-9b93-7f62ca550917}:0.4.2
FF - prefs.js..extensions.enabledItems: {403304EE-066A-4a2a-8F41-F12028480A0A}:1.8.61
FF - prefs.js..extensions.enabledItems: {8479ade0-2eec-11de-8c30-0800200c9a66}:2.2.1
FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:3.20100306
FF - prefs.js..network.proxy.share_proxy_settings: true


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/31 15:37:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/27 01:24:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/27 01:25:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/06/12 01:08:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/12/16 21:43:01 | 000,000,000 | ---D | M]

[2010/01/02 16:10:06 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Extensions
[2010/01/02 16:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/03/04 00:52:34 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] (iPox Aqua) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{66277a5c-c33c-11db-8314-0800200c9a66}
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{6c45b940-ae5a-11db-abbd-0800200c9a66}
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] (Noscript) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (Phoenity Modern) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/12/16 17:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{C8E400E3-44BC-4e78-8C17-8C48E74C67F4}-trash
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (iPox) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{eb46c787-131a-4eb7-9b93-7f62ca550917}
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\elemhidehelper@adblockplus.org
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\nick@getcellphonenumber.com
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\nosquint@urandom.ca
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\support@ancestry.com
[2010/07/07 13:44:22 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions
[2010/05/17 21:31:44 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/04/26 20:46:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/02 14:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{403304EE-066A-4a2a-8F41-F12028480A0A}
[2009/12/20 15:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{66277a5c-c33c-11db-8314-0800200c9a66}
[2009/12/19 03:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{6c45b940-ae5a-11db-abbd-0800200c9a66}
[2010/06/27 21:35:34 | 000,000,000 | ---D | M] (Noscript) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/16 22:32:41 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/12/20 15:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
[2010/06/19 12:31:33 | 000,000,000 | ---D | M] (Stratini Padded) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}
[2010/04/13 13:24:52 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/12/23 15:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2010/07/03 18:23:08 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/05/26 19:48:42 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/12/16 22:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{C8E400E3-44BC-4e78-8C17-8C48E74C67F4}-trash
[2010/03/12 17:57:42 | 000,000,000 | ---D | M] (iPox) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2010/05/01 01:24:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/11 21:21:51 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2010/05/30 18:12:24 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/27 01:25:48 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/17 16:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{eb46c787-131a-4eb7-9b93-7f62ca550917}
[2010/06/29 23:50:52 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromeditplus@webdesigns.ms11.net
[2010/06/29 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromelist@extensions.gijsk.com
[2009/12/16 22:15:53 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\elemhidehelper@adblockplus.org
[2009/12/19 03:45:10 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\nick@getcellphonenumber.com
[2009/12/16 22:04:49 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\nosquint@urandom.ca
[2010/06/13 01:39:14 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\savedpasswordeditor@daniel.dawson
[2010/05/30 22:16:40 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\savedpasswords@adamfranco.com
[2009/12/16 22:04:49 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\support@ancestry.com
[2010/03/16 21:53:51 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\tinyurl.addon@fast-chat.co.uk
[2010/04/16 14:02:08 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010/06/29 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromelist@extensions.gijsk.com\content
[2010/06/29 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromelist@extensions.gijsk.com\defaults
[2010/06/29 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromelist@extensions.gijsk.com\locale
[2010/06/29 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromelist@extensions.gijsk.com\skin
[2010/03/12 17:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
[2010/03/12 17:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
[2010/01/11 21:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2009/07/01 08:22:12 | 000,000,880 | ---- | M] () -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\searchplugins\conduit.xml
[2010/01/16 02:08:02 | 000,000,003 | ---- | M] () -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\searchplugins\GoogleFeed.xml
[2010/07/07 03:51:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/25 19:34:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/25 19:34:25 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/12/17 20:31:54 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2009/09/21 13:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2010/07/07 13:38:32 | 000,392,034 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 13539 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AvaFind] C:\Program Files (x86)\AvaFind\AvaFind.exe (Think Less Do More Services)
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files (x86)\EVGA Precision\EVGAPrecisionWrapper.exe ()
O4 - Startup: C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PAIN-X-X - Shortcut.lnk = C:\Users\Crackles\Desktop\PAIN-X-X.ods ()
O4 - Startup: C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software ([You must be registered and logged in to see this link.]
O4 - Startup: C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SSD Tweak 2 - Shortcut.lnk = C:\Users\Crackles\Desktop\SSD Tweak 2.txt File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/07 13:38:33 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/07 14:19:25 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Crackles\Desktop\OTL.exe
[2010/07/07 13:37:52 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010/07/07 13:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2010/07/07 13:37:35 | 000,000,000 | ---D | C] -- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010/07/07 13:36:49 | 000,662,360 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Crackles\Desktop\SpyHunter-Installer.exe
[2010/07/06 22:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bazooka Scanner
[2010/07/04 00:59:09 | 009,205,688 | ---- | C] (IObit ) -- C:\Users\Crackles\Desktop\is360setup.exe
[2010/07/04 00:52:52 | 000,665,072 | ---- | C] (Crawler Inc. ) -- C:\Users\Crackles\Desktop\SpywareTerminatorSetup.exe
[2010/07/03 15:17:58 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\MISC Folders
[2010/07/03 15:17:00 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\A8S-X sensor
[2010/07/03 15:16:29 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\SSD Folder
[2010/07/03 14:07:07 | 000,000,000 | ---D | C] -- C:\Users\Crackles\AppData\Roaming\Audacity
[2010/07/03 14:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2010/07/01 14:12:22 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Open Office ALL DATES
[2010/07/01 13:01:58 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\RamDisk Setup
[2010/07/01 12:59:30 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\..YOUTUB.E
[2010/07/01 12:59:09 | 000,000,000 | ---D | C] -- C:\Users\Crackles\New folder
[2010/06/30 01:11:55 | 000,000,000 | ---D | C] -- C:\Users\Crackles\AppData\Roaming\AvaFind Data
[2010/06/30 01:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AvaFind
[2010/06/30 00:47:27 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\MOM Folder
[2010/06/30 00:47:14 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\DAD Folder
[2010/06/29 23:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RAMDisk
[2010/06/29 18:05:38 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\CAMERA DUMP 2010
[2010/06/28 12:02:28 | 000,000,000 | ---D | C] -- C:\Users\Crackles\AppData\Roaming\grepWin
[2010/06/27 04:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/06/27 04:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/06/27 04:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/06/27 01:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/06/27 01:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/06/27 01:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2010/06/24 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Write Cache
[2010/06/23 13:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PointsCalculator
[2010/06/22 20:55:46 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\OC OVERCLOK
[2010/06/22 16:11:57 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Benchmark
[2010/06/22 15:47:12 | 000,895,256 | ---- | C] (DivX, Inc. ) -- C:\Users\Crackles\Desktop\DivXInstaller.exe
[2010/06/20 22:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2010/06/20 20:11:56 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\SPANISH Learn Speak Spanish Learning
[2010/06/20 19:58:15 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Storms MP3 Thunder Wind DANGER
[2010/06/20 10:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy GIF Animator
[2010/06/20 00:20:21 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\NEW PICS 2010
[2010/06/19 15:07:39 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Documents\EverioCopy
[2010/06/18 23:00:48 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Yahoo Email Addys
[2010/06/18 22:35:54 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\S730 Camera
[2010/06/14 18:42:34 | 000,000,000 | ---D | C] -- C:\Users\Crackles\AppData\Local\Google
[2010/06/13 01:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/06/13 01:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/06/13 01:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/12 23:57:52 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Weather ALL
[2010/06/11 20:18:28 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Population
[2010/06/10 20:27:14 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Money Issues
[2010/06/09 19:59:30 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\EPB Net
[2010/06/08 01:19:26 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2010/06/08 01:19:26 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2010/06/08 01:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/07 17:18:16 | 007,602,176 | -HS- | M] () -- C:\Users\Crackles\NTUSER.DAT
[2010/07/07 14:47:00 | 000,049,649 | ---- | M] () -- C:\Users\Crackles\Desktop\PAIN-X-X.ods
[2010/07/07 14:47:00 | 000,000,098 | -H-- | M] () -- C:\Users\Crackles\Desktop\.~lock.PAIN-X-X.ods#
[2010/07/07 14:19:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Crackles\Desktop\OTL.exe
[2010/07/07 13:38:33 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/07/07 13:38:22 | 000,133,714 | ---- | M] () -- C:\Users\Crackles\Desktop\VIRUS!!!!!!!.png
[2010/07/07 13:37:52 | 000,002,294 | ---- | M] () -- C:\Users\Crackles\Desktop\SpyHunter.lnk
[2010/07/07 13:36:49 | 000,662,360 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Crackles\Desktop\SpyHunter-Installer.exe
[2010/07/06 17:30:00 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\My Backup 1-21-2010 SSD BACKUP xml.job
[2010/07/05 18:35:47 | 000,022,779 | ---- | M] () -- C:\Users\Crackles\Desktop\FIREFOX-PASSWORDS SO FAR.ods
[2010/07/05 18:35:46 | 000,000,098 | -H-- | M] () -- C:\Users\Crackles\Desktop\.~lock.FIREFOX-PASSWORDS SO FAR.ods#
[2010/07/05 14:01:59 | 000,010,542 | ---- | M] () -- C:\Users\Crackles\Desktop\ABORT-DEBATE.ods
[2010/07/05 01:35:40 | 000,009,788 | ---- | M] () -- C:\Users\Crackles\Desktop\PASSWORDS EMAIL WEBSITES SERVICES SUBscriptIONS ETC FREE OR FOR FEE.ods
[2010/07/04 22:38:44 | 000,001,046 | ---- | M] () -- C:\Users\Crackles\Application Data\Microsoft\Internet Explorer\Quick Launch\Audacity 1.3 Beta (Unicode).lnk
[2010/07/04 00:59:18 | 009,205,688 | ---- | M] (IObit ) -- C:\Users\Crackles\Desktop\is360setup.exe
[2010/07/04 00:52:52 | 000,665,072 | ---- | M] (Crawler Inc. ) -- C:\Users\Crackles\Desktop\SpywareTerminatorSetup.exe
[2010/07/04 00:50:47 | 000,744,529 | ---- | M] () -- C:\Users\Crackles\Desktop\bazookasetup.exe
[2010/07/03 18:25:20 | 000,046,367 | ---- | M] () -- C:\Users\Crackles\Desktop\password-export-2010-07-03.xml
[2010/07/03 14:06:48 | 000,001,046 | ---- | M] () -- C:\Users\Crackles\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/07/02 20:55:57 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/02 20:55:57 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/02 20:53:02 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/02 20:53:02 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/02 20:53:02 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/02 20:48:54 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/07/02 20:48:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/02 20:48:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/02 20:48:07 | 210,763,776 | ---- | M] () -- C:\RAMDisk.img
[2010/07/02 20:47:28 | 004,358,548 | -H-- | M] () -- C:\Users\Crackles\AppData\Local\IconCache.db
[2010/07/02 14:46:51 | 000,052,148 | ---- | M] () -- C:\Users\Crackles\Desktop\SPAM EMAIL 1.png
[2010/07/01 23:24:21 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/07/01 14:11:24 | 000,018,904 | ---- | M] () -- C:\Users\Crackles\Desktop\WHOLE-CARE ACT OF 201X.ods
[2010/07/01 13:41:51 | 000,001,472 | ---- | M] () -- C:\Users\Crackles\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2010/06/30 19:03:51 | 000,260,027 | ---- | M] () -- C:\Users\Crackles\Desktop\NEBULIZER MEDS REFILL CME PHARMACY.png
[2010/06/30 01:11:53 | 000,002,655 | ---- | M] () -- C:\Users\Public\Desktop\Ava Find.lnk
[2010/06/29 17:03:22 | 000,015,126 | ---- | M] () -- C:\Users\Crackles\Desktop\REPAIR WASHER DRYER ROOM ROTTEN BOARDS BOTTOM EXTERIROR.ods
[2010/06/29 16:45:37 | 000,007,710 | ---- | M] () -- C:\Users\Crackles\Desktop\Gov't Income House Senate Government.ods
[2010/06/29 01:36:28 | 000,025,415 | ---- | M] () -- C:\Users\Crackles\Desktop\MinWage.png
[2010/06/28 23:52:41 | 000,044,319 | ---- | M] () -- C:\Users\Crackles\Desktop\FONTS COMPARED.ods
[2010/06/28 23:35:41 | 000,016,496 | ---- | M] () -- C:\Users\Crackles\Desktop\DIET-WEIGHT-LOGXERCISE.ods
[2010/06/28 00:03:51 | 000,013,305 | ---- | M] () -- C:\Users\Crackles\Desktop\DOMAIN ORGANIZED.ods
[2010/06/27 22:46:25 | 000,013,241 | ---- | M] () -- C:\Users\Crackles\Desktop\HEART PAIN.ods
[2010/06/27 21:54:21 | 000,019,556 | ---- | M] () -- C:\Users\Crackles\Desktop\TEMPLATES OVERCLOCK UD3P.ods
[2010/06/27 20:54:42 | 000,026,092 | ---- | M] () -- C:\Users\Crackles\Desktop\Treadmill & Weight Log.ods
[2010/06/26 21:21:56 | 000,011,751 | ---- | M] () -- C:\Users\Crackles\Desktop\TREADMILL CHART.ods
[2010/06/25 15:23:29 | 000,004,129 | ---- | M] () -- C:\Windows\SysWow64\temp.hdt
[2010/06/24 23:44:51 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/06/24 21:58:16 | 000,326,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/24 21:51:58 | 000,000,972 | ---- | M] () -- C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SSD Tweak 2 - Shortcut.lnk
[2010/06/24 18:10:17 | 000,042,669 | ---- | M] () -- C:\Users\Crackles\Documents\HDTune_WRITE-CACHE-DISABLED.png
[2010/06/23 20:35:33 | 000,079,800 | ---- | M] () -- C:\Users\Crackles\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/22 21:03:00 | 000,022,293 | ---- | M] () -- C:\Users\Crackles\Desktop\PILL COUNT JUNE 5 AT 6 PM.ods
[2010/06/22 20:58:33 | 000,018,719 | ---- | M] () -- C:\Users\Crackles\Desktop\CIG PRICE TN VS GA.ods
[2010/06/22 15:47:10 | 000,895,256 | ---- | M] (DivX, Inc. ) -- C:\Users\Crackles\Desktop\DivXInstaller.exe
[2010/06/22 13:48:21 | 000,013,943 | ---- | M] () -- C:\Users\Crackles\Desktop\OPEN DATES.ods
[2010/06/20 22:08:28 | 000,001,268 | ---- | M] () -- C:\Users\Crackles\Desktop\Revo Uninstaller.lnk
[2010/06/19 23:55:21 | 000,000,480 | ---- | M] () -- C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PAIN-X-X - Shortcut.lnk
[2010/06/19 12:05:15 | 000,000,110 | -H-- | M] () -- C:\Users\Crackles\Desktop\.~lock.PAIN X 3.ods#
[2010/06/18 19:44:06 | 000,000,110 | -H-- | M] () -- C:\Users\Crackles\Desktop\.~lock.CIG Prices Chart TN GA Tax cartons.ods#
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/07 13:38:33 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010/07/07 13:38:22 | 000,133,714 | ---- | C] () -- C:\Users\Crackles\Desktop\VIRUS!!!!!!!.png
[2010/07/07 13:37:52 | 000,002,294 | ---- | C] () -- C:\Users\Crackles\Desktop\SpyHunter.lnk
[2010/07/05 14:01:58 | 000,010,542 | ---- | C] () -- C:\Users\Crackles\Desktop\ABORT-DEBATE.ods
[2010/07/04 22:38:44 | 000,001,046 | ---- | C] () -- C:\Users\Crackles\Application Data\Microsoft\Internet Explorer\Quick Launch\Audacity 1.3 Beta (Unicode).lnk
[2010/07/04 00:50:48 | 000,744,529 | ---- | C] () -- C:\Users\Crackles\Desktop\bazookasetup.exe
[2010/07/03 18:30:31 | 000,000,098 | -H-- | C] () -- C:\Users\Crackles\Desktop\.~lock.FIREFOX-PASSWORDS SO FAR.ods#
[2010/07/03 18:30:30 | 000,022,779 | ---- | C] () -- C:\Users\Crackles\Desktop\FIREFOX-PASSWORDS SO FAR.ods
[2010/07/03 18:25:19 | 000,046,367 | ---- | C] () -- C:\Users\Crackles\Desktop\password-export-2010-07-03.xml
[2010/07/03 18:07:00 | 000,009,788 | ---- | C] () -- C:\Users\Crackles\Desktop\PASSWORDS EMAIL WEBSITES SERVICES SUBscriptIONS ETC FREE OR FOR FEE.ods
[2010/07/03 14:06:48 | 000,001,046 | ---- | C] () -- C:\Users\Crackles\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/07/02 20:48:58 | 000,000,098 | -H-- | C] () -- C:\Users\Crackles\Desktop\.~lock.PAIN-X-X.ods#
[2010/07/02 14:46:51 | 000,052,148 | ---- | C] () -- C:\Users\Crackles\Desktop\SPAM EMAIL 1.png
[2010/07/01 20:49:45 | 210,763,776 | ---- | C] () -- C:\RAMDisk.img
[2010/06/30 19:03:51 | 000,260,027 | ---- | C] () -- C:\Users\Crackles\Desktop\NEBULIZER MEDS REFILL CME PHARMACY.png
[2010/06/30 13:41:38 | 000,018,904 | ---- | C] () -- C:\Users\Crackles\Desktop\WHOLE-CARE ACT OF 201X.ods
[2010/06/30 01:11:53 | 000,002,655 | ---- | C] () -- C:\Users\Public\Desktop\Ava Find.lnk
[2010/06/29 17:02:23 | 000,015,126 | ---- | C] () -- C:\Users\Crackles\Desktop\REPAIR WASHER DRYER ROOM ROTTEN BOARDS BOTTOM EXTERIROR.ods
[2010/06/29 15:40:14 | 000,007,710 | ---- | C] () -- C:\Users\Crackles\Desktop\Gov't Income House Senate Government.ods
[2010/06/29 01:36:28 | 000,025,415 | ---- | C] () -- C:\Users\Crackles\Desktop\MinWage.png
[2010/06/28 23:52:39 | 000,044,319 | ---- | C] () -- C:\Users\Crackles\Desktop\FONTS COMPARED.ods
[2010/06/28 23:35:40 | 000,016,496 | ---- | C] () -- C:\Users\Crackles\Desktop\DIET-WEIGHT-LOGXERCISE.ods
[2010/06/27 23:50:54 | 000,013,305 | ---- | C] () -- C:\Users\Crackles\Desktop\DOMAIN ORGANIZED.ods
[2010/06/27 22:03:39 | 000,013,241 | ---- | C] () -- C:\Users\Crackles\Desktop\HEART PAIN.ods
[2010/06/26 21:32:39 | 000,026,092 | ---- | C] () -- C:\Users\Crackles\Desktop\Treadmill & Weight Log.ods
[2010/06/26 20:35:16 | 000,011,751 | ---- | C] () -- C:\Users\Crackles\Desktop\TREADMILL CHART.ods
[2010/06/26 15:59:19 | 000,019,556 | ---- | C] () -- C:\Users\Crackles\Desktop\TEMPLATES OVERCLOCK UD3P.ods
[2010/06/25 15:23:29 | 000,004,129 | ---- | C] () -- C:\Windows\SysWow64\temp.hdt
[2010/06/24 21:51:58 | 000,000,972 | ---- | C] () -- C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SSD Tweak 2 - Shortcut.lnk
[2010/06/24 18:10:17 | 000,042,669 | ---- | C] () -- C:\Users\Crackles\Documents\HDTune_WRITE-CACHE-DISABLED.png
[2010/06/22 20:58:31 | 000,018,719 | ---- | C] () -- C:\Users\Crackles\Desktop\CIG PRICE TN VS GA.ods
[2010/06/22 12:55:56 | 000,013,943 | ---- | C] () -- C:\Users\Crackles\Desktop\OPEN DATES.ods
[2010/06/20 22:08:28 | 000,001,268 | ---- | C] () -- C:\Users\Crackles\Desktop\Revo Uninstaller.lnk
[2010/06/19 23:55:21 | 000,000,480 | ---- | C] () -- C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PAIN-X-X - Shortcut.lnk
[2010/06/19 18:40:51 | 000,049,649 | ---- | C] () -- C:\Users\Crackles\Desktop\PAIN-X-X.ods
[2010/06/18 19:44:06 | 000,000,110 | -H-- | C] () -- C:\Users\Crackles\Desktop\.~lock.CIG Prices Chart TN GA Tax cartons.ods#
[2010/06/18 10:04:00 | 000,000,110 | -H-- | C] () -- C:\Users\Crackles\Desktop\.~lock.PAIN X 3.ods#
[2010/05/25 21:51:32 | 000,611,328 | ---- | C] () -- C:\Windows\SysWow64\DVD43.dll
[2010/05/24 23:18:04 | 000,000,185 | ---- | C] () -- C:\Windows\SysWow64\msblcd32.dll
[2010/03/12 01:27:09 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/03/11 14:40:54 | 000,000,026 | ---- | C] () -- C:\Windows\dvdSanta.INI
[2010/03/11 11:17:27 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/01/11 01:33:51 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2010/01/02 21:41:03 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2010/01/02 21:41:03 | 000,002,412 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2009/12/31 23:08:26 | 000,000,053 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/18 13:20:25 | 000,006,318 | ---- | C] () -- C:\Windows\silkquit.ini
[2009/12/18 00:41:31 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009/12/18 00:41:30 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll
[2009/12/18 00:41:30 | 000,237,646 | ---- | C] () -- C:\Windows\SysWow64\Snap_device.dll
[2009/12/18 00:41:30 | 000,069,707 | ---- | C] () -- C:\Windows\SysWow64\DISP_OPT1.dll
[2009/12/17 23:50:23 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\WBCustomizer.dll
[2009/12/17 02:04:22 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/12/16 23:47:48 | 000,001,108 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 368 bytes -> C:\Users\Crackles\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

axelrose

Newbie Surfer

Posts: 19
Joined: 2010-07-08
Operating System: Windows 7 Home Premium x64

Re: SystemDir Regedit & Explorer How to fix Malware?

Post by axelrose on Thu 08 Jul 2010, 8:51 am

The website would not allow the OTL and Extras logs in the same message.
Here are links to both.

OTL TEXT FILE HERE
[You must be registered and logged in to see this link.]

EXTRAS Log here
[You must be registered and logged in to see this link.]

I've replied to include the EXTRAS text to go with my original post above, which only has the OTL log in the posting.

EXTRA HERE:
OTL Extras logfile created on: 7/7/2010 5:17:55 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\Crackles\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 81.00 Gb Free Space | 67.99% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 83.49 Gb Free Space | 28.01% Space Free | Partition Type: NTFS
Drive E: | 76.33 Gb Total Space | 23.79 Gb Free Space | 31.17% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 194.00 Mb Total Space | 166.85 Mb Free Space | 86.00% Space Free | Partition Type: FAT32

Computer Name: BOBBY
Current User Name: Crackles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0913-000001000000}" = 7-Zip 9.13 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{57B012C9-5EAD-441B-9925-6B560B543D87}" = ESET NOD32 Antivirus
"{5F5FEF58-F4D8-488B-BDB3-6D5B22192B02}" = HP Photosmart C5500 All-In-One Driver Software 13.0 Rel. 4
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"CrystalDiskMark_is1" = CrystalDiskMark 2.2.0n
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PerformanceTest 7_is1" = PerformanceTest v7.0 (64-bit)
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01D5FF1F-BB19-4387-8EF1-C6319037EC12}" = RAMDisk
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{354D401F-05B6-4A1D-8E92-47C1BBC5302C}" = C5500
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}" = SpyHunter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DD5A7FC-0DC3-4BCC-BCDF-3A4EBE565799}" = PS_AIO_04_C5500_Software_Min
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{909577E9-BFB5-48E2-8237-71DCA373F147}" = Ava Find
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.03
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C3A6202F-8F3E-424C-83B8-189F92A1AB43}" = One Touch Video Capture
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB0888EE-96D8-4713-84DC-36462C33AEB4}" = Bazooka Scanner
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = VC500 Driver
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.2.1
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.6
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43 Plug-in_is1" = DVD43 Plug-in v1.0.0.4
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"DVDSmith Movie Backup_is1" = DVDSmith Movie Backup 1.0.5
"Easy GIF Animator_is1" = Easy GIF Animator 5.02
"Easy Picture2Icon" = Easy Picture2Icon 2.5
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Glary Utilities_is1" = Glary Utilities 2.23.0.923
"HD Tune_is1" = HD Tune 2.55
"ImgBurn" = ImgBurn
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"Legacy 6.0" = Legacy 6.0
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"Mpeg2Decoder_is1" = Mpeg2Decoder 1.3
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"PointsCalculator_is1" = PointsCalculator 1.0.0.0
"Precision" = EVGA Precision 1.9.4
"Revo Uninstaller" = Revo Uninstaller 1.88
"SilkQuit_is1" = SilkQuit v2.60
"Source Edit_is1" = Source Edit 4.0
"SpeedFan" = SpeedFan (remove only)
"StarCraft II Beta" = StarCraft II Beta
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Application Detect
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/29/2010 1:01:37 AM | Computer Name = bobby | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 6/29/2010 1:01:47 AM | Computer Name = bobby | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 6/30/2010 1:46:55 AM | Computer Name = bobby | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 6/30/2010 1:47:07 AM | Computer Name = bobby | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/1/2010 7:51:30 PM | Computer Name = bobby | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Creates a RAMDisk' could not be shut down.

Error - 7/2/2010 2:18:35 AM | Computer Name = bobby | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 7/2/2010 2:18:46 AM | Computer Name = bobby | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/3/2010 3:13:41 AM | Computer Name = bobby | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 7/3/2010 3:13:51 AM | Computer Name = bobby | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/7/2010 1:38:03 PM | Computer Name = bobby | Source = MsiInstaller | ID = 11721
Description =

[ System Events ]
Error - 6/29/2010 12:18:28 AM | Computer Name = bobby | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 6/30/2010 12:00:17 AM | Computer Name = bobby | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 7/1/2010 2:18:41 PM | Computer Name = bobby | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 7/1/2010 7:48:54 PM | Computer Name = bobby | Source = RAMDiskVE | ID = 458763
Description = Message: Unable to open file for disk image load.

Error - 7/1/2010 7:56:16 PM | Computer Name = bobby | Source = RAMDiskVE | ID = 458763
Description = Message: Unable to open file for disk image load.

Error - 7/1/2010 8:58:38 PM | Computer Name = bobby | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 7/1/2010 11:52:01 PM | Computer Name = bobby | Source = volsnap | ID = 393252
Description = The shadow copies of volume D: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 7/2/2010 8:49:33 PM | Computer Name = bobby | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 7/7/2010 1:37:02 PM | Computer Name = bobby | Source = Service Control Manager | ID = 7034
Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
time(s).

Error - 7/7/2010 1:37:02 PM | Computer Name = bobby | Source = Service Control Manager | ID = 7034
Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

axelrose

Newbie Surfer

Posts: 19
Joined: 2010-07-08
Operating System: Windows 7 Home Premium x64


Re: SystemDir Regedit & Explorer How to fix Malware?

Post by Belahzur on Thu 08 Jul 2010, 10:27 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts: 34919
Joined: 2008-08-04
Operating System: XP SP3 Media Centre


Re: SystemDir Regedit & Explorer How to fix Malware?

Post by axelrose on Thu 08 Jul 2010, 12:48 pm

Belahzur wrote: Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Here is the POST log you requested.

Malwarebytes' Anti-Malware 1.46

Database version: 4290

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/7/2010 9:42:48 PM
mbam-log-2010-07-07 (21-42-48).txt

Scan type: Quick scan
Objects scanned: 124819
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

axelrose

Newbie Surfer

Posts: 19
Joined: 2010-07-08
Operating System: Windows 7 Home Premium x64


Re: SystemDir Regedit & Explorer How to fix Malware?

Post by Belahzur on Fri 09 Jul 2010, 1:47 am

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts: 34919
Joined: 2008-08-04
Operating System: XP SP3 Media Centre


Re: SystemDir Regedit & Explorer How to fix Malware?

Post by axelrose on Fri 09 Jul 2010, 2:49 pm

Belahzur wrote: Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.

So does this mean the Bazooka Scan results were all False Positives???

Here is the newest scan log.

Malwarebytes' Anti-Malware 1.46

Database version: 4294

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/8/2010 11:38:32 PM
mbam-log-2010-07-08 (23-38-32).txt

Scan type: Quick scan
Objects scanned: 125087
Time elapsed: 2 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

axelrose

Newbie Surfer

Posts: 19
Joined: 2010-07-08
Operating System: Windows 7 Home Premium x64


Re: SystemDir Regedit & Explorer How to fix Malware?

Post by Belahzur on Sat 10 Jul 2010, 4:51 am

Hello.
Bazooka isn't one of the most reliable scanners.

I see that you are running µTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    µTorrent
    Adobe Reader 9.3
    Java(TM) 6 Update 16 (64-bit)

  • Click on the Uninstall/Change button at the top.

How is the machine running? It doesn't look too bad log-wise.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts: 34919
Joined: 2008-08-04
Operating System: XP SP3 Media Centre


Re: SystemDir Regedit & Explorer How to fix Malware?

Post by axelrose on Sat 10 Jul 2010, 2:46 pm

Belahzur wrote: Hello.
Bazooka isn't one of the most reliable scanners.

I see that you are running µTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    µTorrent
    Adobe Reader 9.3
    Java(TM) 6 Update 16 (64-bit)

  • Click on the Uninstall/Change button at the top.

How is the machine running? It doesn't look too bad log-wise.

I use uTorrent rarely, perhaps 5 times a month, and only to download a single file (or a few); then I completely exit the program. I'm not uploading/sharing with anyone.


System is sluggish.

axelrose

Newbie Surfer

Posts: 19
Joined: 2010-07-08
Operating System: Windows 7 Home Premium x64


Re: SystemDir Regedit & Explorer How to fix Malware?

Post by Belahzur on Sun 11 Jul 2010, 5:19 am

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts: 34919
Joined: 2008-08-04
Operating System: XP SP3 Media Centre


Re: SystemDir Regedit & Explorer How to fix Malware?

Post by axelrose on Sun 11 Jul 2010, 5:29 am

Belahzur wrote: Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Just wanted to let you know that I use ESET's AV; I've purchased a license, and it's been running and updating for many months so far.

But I'm going to run the online scan anyway.

HERE is the Log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-10 07:26:43
# local_time=2010-07-10 03:26:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 0 30329780 0 0
# compatibility_mode=8199 39157117 100 75 0 19488564 0 0
# scanned=268047
# found=0
# cleaned=0
# scan_time=3673

Thanks always.

axelrose

Newbie Surfer

Posts: 19
Joined: 2010-07-08
Operating System: Windows 7 Home Premium x64


Re: SystemDir Regedit & Explorer How to fix Malware?

Post by Belahzur on Mon 12 Jul 2010, 7:49 am

Nothing found.

How is the machine running now?


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts: 34919
Joined: 2008-08-04
Operating System: XP SP3 Media Centre


Re: SystemDir Regedit & Explorer How to fix Malware?

Post by axelrose on Mon 12 Jul 2010, 2:28 pm

Belahzur wrote: Nothing found.

How is the machine running now?

It's sluggish, for example when copying a list of files to another folder, or slow doing simple things like closing a program.

Bazooka must have been a false positive because I cannot replicate the same SystemDir.Regedit & SystemDir.Explorer worms/virus/malware/Trojans as with Bazooka.

ONE MORE mystery is that someone hijacked a Gmail account that I have and sent a mass email to everyone in my Gmail account's contact list 4 times, until I changed the 'password hint' question and answer and changed the password. That didn't happen again, though. I can't think of a single thing I've done for that to happen.

I highly suspect I have some form of virus/trojan or even a key-logger on my computer but I have not been able to detect it or prove it with any of the various scanners.
And like I said, I own a copy of ESET's AV #4 (a license I paid for) and have had ESET's products since the Windows XP days.

What makes it so sad is I have this SSD drive that is supposed to be faster than the old magnetic platter drives, but this slowdown/sluggishness is taking away around 20% of that supposed increase in speed.

Anything you or anyone else reading this can suggest that hasn't already been tried, I am willing and able to do.

thanks so far

axelrose

Newbie Surfer

Posts: 19
Joined: 2010-07-08
Operating System: Windows 7 Home Premium x64

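A way to check whether the explorer.exe and regedit.exe copies a scanner flags are genuine before deleting anything, as an added example that is not part of this thread and not code from Bazooka, Malwarebytes, OTL or ESET. It assumes Windows PowerShell 2.0 as shipped with Windows 7 and the built-in sfc.exe /verifyfile switch, and must be run from an elevated 64-bit PowerShell prompt. On Windows 7 x64 the canonical copies live in C:\Windows, with 32-bit copies under SysWOW64 and component-store copies under WinSxS, so finding several is normal; what matters is whether each one matches the protected copy.

```powershell
# Added example, not from this thread: inventory every explorer.exe and regedit.exe
# under %SystemRoot%, report the embedded Authenticode status and SHA-256 of each,
# then ask Windows Resource Protection (sfc /verifyfile) to compare each copy with
# the component store. Assumes Windows PowerShell 2.0 (Windows 7) and an elevated
# 64-bit console. The script only reads and reports; it deletes nothing.

$names  = @('explorer.exe', 'regedit.exe')
$root   = $env:SystemRoot                                  # normally C:\Windows
$sfc    = Join-Path $env:SystemRoot 'System32\sfc.exe'
$sha256 = [System.Security.Cryptography.SHA256]::Create()

function Get-FileSha256 {
    # Hash a file with .NET so this works without Get-FileHash (PowerShell 4+).
    param([string]$Path)
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $hash = $sha256.ComputeHash($stream)
        return ([System.BitConverter]::ToString($hash)).Replace('-', '')
    } finally {
        $stream.Close()
    }
}

# Every copy of the two binaries anywhere below the Windows directory.
$copies = @(Get-ChildItem -Path $root -Recurse -Include $names -ErrorAction SilentlyContinue)

foreach ($file in $copies) {
    $sig    = Get-AuthenticodeSignature -FilePath $file.FullName
    $signer = '(none)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    Write-Host ''
    Write-Host ("Path    : {0}" -f $file.FullName)
    Write-Host ("Size    : {0} bytes, modified {1}" -f $file.Length, $file.LastWriteTime)
    Write-Host ("SHA-256 : {0}" -f (Get-FileSha256 $file.FullName))
    # On Windows 7 most OS binaries are catalog-signed rather than embedded-signed,
    # and PowerShell 2.0 does not consult catalogs, so 'NotSigned' here is expected
    # for genuine files and is not by itself evidence of tampering.
    Write-Host ("Embedded Authenticode: {0} ({1})" -f $sig.Status, $signer)

    # sfc checks the file against the protected copy in the component store and
    # prints its verdict on the console; it does not modify or remove the file.
    Write-Host 'Windows Resource Protection says:'
    & $sfc "/verifyfile=$($file.FullName)"
}

Write-Host ''
Write-Host ("{0} copies examined." -f $copies.Count)
Write-Host 'A copy whose hash or size differs from the C:\Windows copy, or that sfc reports'
Write-Host 'as an integrity violation, is the one to look at; a copy in an unexpected folder'
Write-Host 'that passes both checks is the usual scanner false positive.'
```

sfc only verifies files in locations Windows Resource Protection covers, so for a copy it declines to check, compare its SHA-256 with the copy in C:\Windows instead. Keep the output of this script with the scanner logs before removing anything, so the helper looking at the thread can see what the flagged files actually were.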
