"mostexe's.exe" not a valid Win32 application

Post by labourfix on Mon 11 Apr 2011, 9:00 pm

"Windows Installer has been causing a lot of problems recently. I can't install important Windows updates and programme updates like iTunes and Adobe. I always get the error message 'Windows installer service could not be accessed'. Also, whenever I try to type Msiexec in cmd, it says it's not a valid win32 application. I have a feeling there's malicious content on my laptop.

I'm running Windows Vista SP2."

Exact same problem here, cannot install vital updates.
Here's the OTL and Extras.txt's. I hope you guys can help because I can't install any of the programs or games I've tried, including several "Important" Windows updates.
If it helps, I did have NOD32 installed but I removed it to see if a reinstall would fix the problem.
Now it's just left me with the problem of not being able to reinstall the antivirus...
OTL.txt

OTL logfile created on: 11/04/2011 5:44:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\DESTRUCTOR\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 70.34 Gb Free Space | 23.60% Space Free | Partition Type: NTFS
Drive G: | 1397.26 Gb Total Space | 415.80 Gb Free Space | 29.76% Space Free | Partition Type: NTFS

Computer Name: DESTRUCTOR-PC | User Name: DESTRUCTOR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/11 17:22:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DESTRUCTOR\Desktop\OTL.exe
PRC - [2010/11/06 16:17:58 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/11/06 16:17:41 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/11/25 14:42:18 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/26 10:23:46 | 000,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
PRC - [2008/02/14 09:09:40 | 000,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2007/07/06 13:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/01/09 18:44:50 | 000,038,976 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CAP3LAK.EXE
PRC - [2007/01/09 16:53:42 | 000,073,568 | ---- | M] (CANON INC.) -- C:\Windows\System32\CAP3RSK.EXE
PRC - [2007/01/09 14:02:54 | 000,144,016 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CAP3SWK.EXE


========== Modules (SafeList) ==========

MOD - [2011/04/11 17:22:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DESTRUCTOR\Desktop\OTL.exe
MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/03/06 00:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
MOD - [2009/04/11 16:28:25 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
MOD - [2009/04/11 16:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2009/04/11 16:28:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2009/04/11 16:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2009/04/11 16:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2008/01/19 17:36:49 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
MOD - [2008/01/19 17:36:48 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
MOD - [2008/01/19 17:36:37 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - [2011/01/20 09:40:31 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/06 16:17:41 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/11/25 14:42:18 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/09/23 12:38:18 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/04/11 16:27:45 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/02/12 15:52:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/26 10:23:46 | 000,150,528 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe -- (MacDriveService)
SRV - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/01/19 17:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/11/06 16:20:06 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/11/06 16:20:06 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/11/06 16:20:05 | 000,100,368 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010/11/06 16:17:32 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/09/07 16:35:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/24 03:31:21 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2009/06/23 11:01:42 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/06/23 11:01:40 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/09 16:56:26 | 000,284,416 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2009/02/04 12:22:10 | 000,019,456 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2008/11/26 12:51:02 | 000,333,824 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2008/11/04 18:52:38 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008/11/04 18:52:38 | 000,086,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2008/11/04 18:52:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/11/04 18:52:36 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2008/03/05 14:05:22 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/02/21 20:00:12 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007/06/25 05:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2006/08/28 22:54:56 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gan_adapter.sys -- (hamachi_oem)
DRV - [2005/06/04 19:07:56 | 000,319,104 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt61.sys -- (RT61)
DRV - [2004/07/27 10:20:46 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\ANIO.sys -- (ANIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 42 29 76 DC 69 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://roosterteeth.com/home.php|http://www.youtube.com/watch?v=ec0XKhAHR5I"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.3.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.0.27.0
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.6.1
FF - prefs.js..extensions.enabledItems: {792BDDFE-2E7C-42ed-B18D-18154D2761BD}:0.9.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/07/26 21:12:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/17 17:06:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/17 17:06:14 | 000,000,000 | ---D | M]

[2008/06/17 18:51:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DESTRUCTOR\AppData\Roaming\mozilla\Extensions
[2011/04/11 17:14:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DESTRUCTOR\AppData\Roaming\mozilla\Firefox\Profiles\u96bihh6.default\extensions
[2010/11/04 20:53:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\DESTRUCTOR\AppData\Roaming\mozilla\Firefox\Profiles\u96bihh6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/02/23 20:03:24 | 000,000,000 | ---D | M] ("Firefox Default for Vista") -- C:\Users\DESTRUCTOR\AppData\Roaming\mozilla\Firefox\Profiles\u96bihh6.default\extensions\{2843a0c8-caba-4428-b96a-83b5547c0fdd}
[2010/11/04 20:53:51 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\DESTRUCTOR\AppData\Roaming\mozilla\Firefox\Profiles\u96bihh6.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/11/04 20:53:51 | 000,000,000 | ---D | M] (TabRenamizer) -- C:\Users\DESTRUCTOR\AppData\Roaming\mozilla\Firefox\Profiles\u96bihh6.default\extensions\{792BDDFE-2E7C-42ed-B18D-18154D2761BD}
[2009/07/01 16:51:39 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\DESTRUCTOR\AppData\Roaming\mozilla\Firefox\Profiles\u96bihh6.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2010/11/04 20:53:48 | 000,000,000 | ---D | M] (AnyColor) -- C:\Users\DESTRUCTOR\AppData\Roaming\mozilla\Firefox\Profiles\u96bihh6.default\extensions\anycolor.pavlos256@gmail.com
[2009/12/14 20:53:59 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\DESTRUCTOR\AppData\Roaming\mozilla\Firefox\Profiles\u96bihh6.default\extensions\battlefieldheroespatcher@ea.com
[2008/02/23 17:30:20 | 000,000,000 | ---D | M] (Opaque) -- C:\Users\DESTRUCTOR\AppData\Roaming\mozilla\Firefox\Profiles\u96bihh6.default\extensions\ffe_opaque@game-point.net
[2010/11/04 20:53:50 | 000,000,000 | ---D | M] (Personas) -- C:\Users\DESTRUCTOR\AppData\Roaming\mozilla\Firefox\Profiles\u96bihh6.default\extensions\personas@christopher.beard
[2009/01/03 09:14:09 | 000,000,000 | ---D | M] (RedShift V3) -- C:\Users\DESTRUCTOR\AppData\Roaming\mozilla\Firefox\Profiles\u96bihh6.default\extensions\redshift_V2@shift-themes.com
[2010/01/26 15:29:27 | 000,001,681 | ---- | M] () -- C:\Users\DESTRUCTOR\AppData\Roaming\Mozilla\Firefox\Profiles\u96bihh6.default\searchplugins\ask.uk.xml
[2008/03/05 14:11:59 | 000,002,920 | ---- | M] () -- C:\Users\DESTRUCTOR\AppData\Roaming\Mozilla\Firefox\Profiles\u96bihh6.default\searchplugins\daemon-search.xml
[2010/11/05 09:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/18 01:33:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/04 13:24:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/05 09:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/08 15:07:51 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/11/08 15:07:51 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/11/08 15:07:51 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/11/08 15:07:51 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [CAP3ON] C:\Windows\System32\spool\drivers\w32x86\3\CAP3ONN.EXE (CANON INC.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} [You must be registered and logged in to see this link.] (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [You must be registered and logged in to see this link.] (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.12.1 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\DESTRUCTOR\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\DESTRUCTOR\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/12/02 10:59:56 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O33 - MountPoints2\{01f80255-5872-11de-9bcb-001fd0a3c4af}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{20b54b4b-444d-11de-9ef6-001fd0a3c4af}\Shell\AutoRun\command - "" = G:\AllwaySync'n'Go.exe -autorun
O33 - MountPoints2\{30d6e37e-49ca-11de-bf52-001fd0a3c4af}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{85fdc916-ea68-11dc-a6de-001cf089edfd}\Shell - "" = AutoRun
O33 - MountPoints2\{85fdc916-ea68-11dc-a6de-001cf089edfd}\Shell\AutoRun\command - "" = E:\Launcher.exe
O33 - MountPoints2\{9582a81b-e063-11dc-a6bf-001d7da25f45}\Shell - "" = AutoRun
O33 - MountPoints2\{9582a81b-e063-11dc-a6bf-001d7da25f45}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/11 17:22:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\DESTRUCTOR\Desktop\OTL.exe
[2011/04/11 17:12:38 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011/04/10 16:08:03 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011/04/10 16:08:03 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/04/10 16:08:03 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/04/10 16:08:03 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2011/04/10 16:08:03 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011/04/10 16:08:03 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011/04/10 16:08:02 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011/04/10 16:08:01 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011/04/10 16:08:01 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011/04/10 16:07:59 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/04/10 16:07:58 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011/04/10 16:07:58 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011/04/10 16:07:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011/04/10 15:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Disney Interactive Studios
[2011/03/20 20:38:30 | 000,000,000 | ---D | C] -- C:\Users\DESTRUCTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SynthMaker
[2011/03/20 20:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SynthMaker
[2011/03/20 20:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011/03/20 20:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\SynthMaker CM
[2011/03/14 09:58:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/03/14 09:56:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/03/14 09:56:13 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/03/14 09:56:13 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/03/14 09:56:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/03/14 09:56:12 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/03/14 09:56:12 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/03/14 09:56:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/03/14 09:56:11 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/03/14 09:56:11 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/03/14 09:56:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/03/14 09:56:11 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/03/14 09:56:08 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/03/14 09:56:08 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/03/14 09:56:08 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/03/14 09:56:08 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/03/14 09:56:07 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/03/13 20:49:56 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/03/13 20:49:55 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/03/13 20:49:50 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/03/13 20:49:41 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/03/13 20:49:41 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/13 20:49:41 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/03/13 20:49:41 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/03/13 20:49:41 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/13 20:49:41 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/03/13 20:49:40 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/03/13 20:49:40 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/03/13 20:49:40 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/03/13 20:49:40 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/03/13 20:49:40 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/03/13 20:49:40 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/03/13 20:49:39 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/03/13 20:49:39 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/03/13 20:49:39 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/03/13 20:49:39 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/03/13 20:49:39 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/03/13 20:49:39 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/03/13 20:49:39 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/03/13 20:49:39 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/03/13 20:49:39 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/03/13 20:49:38 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/03/13 20:49:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/03/13 20:49:38 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/03/13 20:49:20 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/13 20:49:20 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/13 20:49:20 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/13 20:49:20 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/13 20:49:15 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/03/13 20:49:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2003/07/08 20:46:49 | 000,917,504 | ---- | C] (Synapse Audio) -- C:\Program Files\Plucked String.dll
[2003/07/08 20:46:49 | 000,905,216 | ---- | C] (Synapse Audio Software) -- C:\Program Files\Plucked String DXi.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/11 17:22:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DESTRUCTOR\Desktop\OTL.exe
[2011/04/11 17:17:48 | 000,650,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/11 17:17:48 | 000,125,006 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/11 17:12:28 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/11 17:12:28 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/11 17:12:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/11 17:12:21 | 3487,883,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/11 16:59:34 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
[2011/04/11 01:41:17 | 000,041,984 | ---- | M] () -- C:\Users\DESTRUCTOR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/09 03:30:00 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ErrorKiller Scheduled Scan.job
[2011/04/06 23:01:40 | 000,001,218 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LASER SHOT LBP-1120 Status Window.LNK
[2011/03/14 10:26:43 | 002,270,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/10 20:56:02 | 2279,190,527 | ---- | C] () -- C:\Users\DESTRUCTOR\Desktop\rzr-bord.iso
[2011/03/14 09:56:08 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/03/14 09:56:08 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/03/14 09:56:08 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/11/06 16:20:08 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/11/06 16:20:02 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/11/06 16:18:15 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/10/14 00:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/09/04 13:04:36 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/12/18 23:29:38 | 000,000,175 | ---- | C] () -- C:\Users\DESTRUCTOR\AppData\Roaming\default.rss
[2009/12/14 20:56:01 | 002,395,944 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2009/11/21 11:45:14 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009/11/21 11:45:14 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009/11/21 11:44:59 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2009/11/21 11:44:58 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2140.INI
[2009/11/21 11:44:42 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/11/21 11:44:42 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
[2009/11/21 11:43:13 | 000,000,148 | ---- | C] () -- C:\Windows\Brownie.ini
[2009/09/24 12:53:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 12:53:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 12:53:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msiexec.exe
[2009/08/05 23:16:35 | 000,030,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/05 23:16:20 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/08/05 23:16:19 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/20 18:52:27 | 000,000,035 | ---- | C] () -- C:\Windows\dice.ini
[2009/02/28 15:29:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/02/28 15:26:11 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/02/09 17:04:52 | 000,003,625 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2009/01/24 13:28:58 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/01/17 09:01:51 | 000,000,005 | ---- | C] () -- C:\Windows\sbacknt.bin
[2008/11/26 12:47:50 | 000,000,615 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2008/10/10 17:17:41 | 000,000,266 | ---- | C] () -- C:\Windows\PowerReg.dat
[2008/10/10 17:17:35 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008/10/09 21:07:05 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/27 11:29:46 | 001,073,528 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008/09/27 11:29:46 | 000,036,104 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2008/09/24 05:58:58 | 000,118,784 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/07/31 10:11:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/26 21:07:53 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/07/26 21:07:53 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/07/23 16:38:52 | 000,045,072 | ---- | C] () -- C:\ProgramData\debug each tray.jaot5fs
[2008/07/23 16:38:15 | 000,274,448 | ---- | C] () -- C:\ProgramData\flag type type.7q9hrp
[2008/07/23 16:38:15 | 000,098,320 | ---- | C] () -- C:\ProgramData\flag type type.7r4k1
[2008/07/10 20:32:52 | 000,022,328 | ---- | C] () -- C:\Users\DESTRUCTOR\AppData\Roaming\PnkBstrK.sys
[2008/07/10 20:32:38 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008/06/22 20:14:32 | 000,192,528 | ---- | C] () -- C:\ProgramData\flag type type.zh2i0
[2008/06/20 20:50:19 | 000,000,220 | ---- | C] () -- C:\Windows\asr.INI
[2008/06/11 22:01:03 | 000,000,091 | ---- | C] () -- C:\Windows\System32\imon1.dat
[2008/06/11 19:58:04 | 000,319,504 | ---- | C] () -- C:\ProgramData\flag type type.n333t
[2008/06/11 19:53:23 | 000,237,584 | ---- | C] () -- C:\ProgramData\flag type type.mfsftx
[2008/04/03 20:50:55 | 000,000,043 | ---- | C] () -- C:\Windows\wininit.ini
[2008/04/02 16:12:48 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008/04/01 17:42:02 | 000,318,464 | ---- | C] () -- C:\Windows\System32\rstrui.exe
[2008/03/29 21:31:31 | 000,020,992 | ---- | C] () -- C:\Windows\bw-uninstall.exe
[2008/02/29 19:30:07 | 000,011,376 | ---- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS
[2008/02/23 19:31:44 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/02/23 17:25:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/23 16:53:46 | 000,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
[2008/02/21 20:34:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/21 20:05:41 | 000,041,984 | ---- | C] () -- C:\Users\DESTRUCTOR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/21 19:52:31 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2008/02/21 19:52:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/02/21 19:26:32 | 000,002,032 | ---- | C] () -- C:\Users\DESTRUCTOR\AppData\Local\d3d9caps.dat
[2008/01/01 22:42:05 | 000,000,098 | ---- | C] () -- C:\Users\DESTRUCTOR\AppData\Local\fusioncache.dat
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 002,270,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,650,068 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,125,006 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/11/02 22:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 22:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 22:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/24 13:33:53 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/19 07:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 22:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/22 23:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/04/01 18:24:20 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2003/07/08 20:46:49 | 000,905,216 | ---- | M] (Synapse Audio Software) -- C:\Program Files\Plucked String DXi.dll
[2003/07/08 20:46:49 | 000,917,504 | ---- | M] (Synapse Audio) -- C:\Program Files\Plucked String.dll

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/06/25 07:24:14 | 000,000,397 | -HS- | M] () -- C:\Users\DESTRUCTOR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/04/11 17:22:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DESTRUCTOR\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/01/17 17:06:12 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/01/17 17:06:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/01/17 17:06:13 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/01/17 17:06:13 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/02/23 19:29:17 | 000,000,402 | -HS- | M] () -- C:\Users\DESTRUCTOR\Favorites\desktop.ini
[2010/11/04 18:16:38 | 000,000,262 | ---- | M] () -- C:\Users\DESTRUCTOR\Favorites\NCH Audio and Telephony Software.lnk
[2010/11/04 18:16:38 | 000,000,262 | ---- | M] () -- C:\Users\DESTRUCTOR\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2008/07/23 16:38:52 | 000,045,072 | ---- | M] () -- C:\ProgramData\debug each tray.jaot5fs
[2008/07/23 16:38:15 | 000,274,448 | ---- | M] () -- C:\ProgramData\flag type type.7q9hrp
[2008/07/23 16:38:15 | 000,098,320 | ---- | M] () -- C:\ProgramData\flag type type.7r4k1
[2008/06/11 19:53:23 | 000,237,584 | ---- | M] () -- C:\ProgramData\flag type type.mfsftx
[2008/06/11 19:58:04 | 000,319,504 | ---- | M] () -- C:\ProgramData\flag type type.n333t
[2008/06/22 20:14:32 | 000,192,528 | ---- | M] () -- C:\ProgramData\flag type type.zh2i0

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 21:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 21:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 16:28:25 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/03/05 14:05:22 | 000,716,272 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006/11/02 20:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 20:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 20:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2004/07/27 10:20:46 | 000,028,205 | ---- | M] (Alpha Networks Inc.) -- C:\Windows\System32\ANIO.sys
[2004/07/27 10:20:46 | 000,011,904 | ---- | M] (ANI ) -- C:\Windows\System32\anio4.sys
[2006/11/02 17:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/11 16:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 17:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 17:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 17:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 17:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 17:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 17:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 17:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 17:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 17:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 17:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 17:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 17:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 17:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 17:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2004/08/04 20:26:42 | 000,383,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\PRISMA02.sys
[2005/03/12 18:48:22 | 000,245,888 | ---- | M] (Ralink Technology Inc.) -- C:\Windows\System32\rt25u98.sys
[2005/04/08 15:09:12 | 000,162,304 | ---- | M] (Ralink Technology Inc.) -- C:\Windows\System32\rt52u98.sys
[2005/06/04 19:08:12 | 000,318,464 | ---- | M] (Ralink Technology Inc.) -- C:\Windows\System32\rt619x.sys
[2010/12/31 23:57:01 | 002,039,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys



Last edited by labourfix on Mon 11 Apr 2011, 11:03 pm; edited 1 time in total

labourfix

Newbie Surfer

Posts : 10
Joined : 2011-04-11
Operating System : windows vista sp2


Re: "mostexe's.exe"not a valid Win32 application

Post by labourfix on Mon 11 Apr 2011, 9:28 pm


< %systemroot%\system32\drivers\*.dll >
[2010/11/06 16:18:31 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 22:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2006/09/19 07:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 16:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/22 11:09:37 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 07:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/02/21 20:01:03 | 000,000,239 | ---- | M] () -- C:\csb.log
[2008/03/05 13:40:40 | 000,000,122 | ---- | M] () -- C:\DelSysReg.log
[2008/12/11 21:39:20 | 000,002,267 | ---- | M] () -- C:\GO_NETWORK.LOG
[2011/04/11 17:12:21 | 3487,883,264 | -HS- | M] () -- C:\hiberfil.sys
[2005/05/09 10:03:44 | 001,155,072 | ---- | M] (Valve Corporation) -- C:\HldsUpdateTool.exe
[2005/04/07 12:27:50 | 000,003,429 | ---- | M] () -- C:\hldsupdatetool_readme.txt
[2009/03/08 21:02:08 | 000,001,409 | ---- | M] () -- C:\INSTALL.LOG
[2008/09/30 20:00:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/09/30 20:00:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/11 17:12:20 | 3801,501,696 | -HS- | M] () -- C:\pagefile.sys
[2008/02/21 19:57:58 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log
[2002/07/26 16:02:06 | 000,153,088 | ---- | M] () -- C:\UNWISE.EXE

< %PROGRAMFILES%\*. >
[2008/01/01 21:42:04 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/02/12 15:56:24 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2009/03/08 07:04:43 | 000,000,000 | ---D | M] -- C:\Program Files\Advanced Batch Converter
[2010/05/14 22:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2008/02/23 16:53:46 | 000,000,000 | ---D | M] -- C:\Program Files\ANI
[2009/11/21 22:22:15 | 000,000,000 | ---D | M] -- C:\Program Files\Any Video Converter
[2008/08/05 17:49:38 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/01/07 09:17:11 | 000,000,000 | ---D | M] -- C:\Program Files\Ashampoo
[2010/01/26 15:29:26 | 000,000,000 | ---D | M] -- C:\Program Files\Ask Search Assistant
[2010/11/06 16:28:02 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2010/11/06 16:27:50 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2008/06/28 18:41:52 | 000,000,000 | ---D | M] -- C:\Program Files\AV Vcs 6.0 GOLD
[2008/06/06 17:02:21 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/06/04 12:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2009/11/21 22:16:36 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2009/12/01 19:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\Bethesda Softworks
[2010/11/05 00:14:36 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/11/21 11:44:54 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2009/11/21 11:44:59 | 000,000,000 | ---D | M] -- C:\Program Files\Brownie
[2010/09/04 17:10:01 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/12/17 15:34:23 | 000,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
[2010/05/14 21:47:34 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/02/10 20:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\ConTEXT
[2009/04/01 17:00:10 | 000,000,000 | ---D | M] -- C:\Program Files\CopyPod
[2010/04/16 01:26:35 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2010/04/16 01:15:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Creative Installation Information
[2008/02/23 16:53:33 | 000,000,000 | ---D | M] -- C:\Program Files\D-Link
[2008/06/18 17:25:54 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2009/06/20 18:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\Destiny
[2008/03/13 17:10:42 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2011/04/10 15:56:00 | 000,000,000 | ---D | M] -- C:\Program Files\Disney Interactive Studios
[2009/12/17 15:47:20 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/05/14 21:59:11 | 000,000,000 | ---D | M] -- C:\Program Files\Dragon Age
[2008/10/07 10:25:58 | 000,000,000 | ---D | M] -- C:\Program Files\DreamRender
[2009/08/05 22:34:34 | 000,000,000 | ---D | M] -- C:\Program Files\EA Games
[2008/06/21 08:08:29 | 000,000,000 | ---D | M] -- C:\Program Files\Easy Hi-Q Recorder
[2010/03/23 17:16:58 | 000,000,000 | ---D | M] -- C:\Program Files\ElcomSoft
[2011/04/11 16:41:09 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2008/06/18 19:27:43 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2009/07/01 20:37:15 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/08/23 23:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\Graboid
[2010/04/08 11:53:33 | 000,000,000 | ---D | M] -- C:\Program Files\Guild Wars
[2009/10/08 11:52:21 | 000,000,000 | ---D | M] -- C:\Program Files\Guitar Pro 5
[2008/09/27 11:29:36 | 000,000,000 | ---D | M] -- C:\Program Files\Illustrate
[2011/04/10 18:45:42 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/02/21 19:53:03 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/12/17 02:14:47 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/09/18 11:27:32 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility
[2011/01/17 15:51:40 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/01/17 15:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/11/05 09:14:08 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/10/09 10:40:31 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2008/04/09 10:27:10 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2009/06/14 13:46:24 | 000,000,000 | ---D | M] -- C:\Program Files\Maxtor
[2010/04/30 23:19:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mediafour
[2010/01/26 15:29:25 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2010/06/06 13:13:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/02/21 20:33:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2011/04/09 23:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/11/16 22:25:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2008/09/30 20:01:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft GIF Animator
[2008/12/25 20:16:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliType Pro
[2008/03/25 06:39:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/09/23 13:07:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2011/01/09 17:43:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/09/23 13:10:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/09/23 13:10:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/09/23 13:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2009/09/23 13:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/11/07 23:35:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/12/17 15:23:15 | 000,000,000 | ---D | M] -- C:\Program Files\mkvtoavi
[2010/09/04 13:09:05 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2008/08/23 23:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2011/04/10 21:12:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 22:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/03/25 06:39:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/07/24 03:21:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Webcam Recorder
[2008/02/21 20:43:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/07/24 03:31:27 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2009/07/24 03:31:26 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2009/12/12 14:19:14 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/10/09 12:00:28 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.4
[2011/03/20 20:38:28 | 000,000,000 | ---D | M] -- C:\Program Files\Outsim
[2008/06/09 16:32:01 | 000,000,000 | ---D | M] -- C:\Program Files\Photo_Resizer_Pro
[2011/01/30 23:16:20 | 000,000,000 | ---D | M] -- C:\Program Files\Plucked String
[2011/01/17 15:45:54 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/03/23 19:50:09 | 000,000,000 | ---D | M] -- C:\Program Files\Rainmeter
[2008/07/26 21:12:36 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008/02/21 20:00:37 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/06/04 12:02:02 | 000,000,000 | ---D | M] -- C:\Program Files\Red Kawa
[2006/11/02 22:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/07/31 14:08:38 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2010/03/21 11:43:12 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
[2009/11/19 16:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\Rockstar Games
[2008/12/11 21:37:44 | 000,000,000 | ---D | M] -- C:\Program Files\Rogue
[2010/11/19 22:24:48 | 000,000,000 | ---D | M] -- C:\Program Files\RoM
[2009/02/14 10:33:14 | 000,000,000 | ---D | M] -- C:\Program Files\Siber Systems
[2010/11/10 09:21:55 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/04/10 21:43:31 | 000,000,000 | ---D | M] -- C:\Program Files\Square Enix
[2011/03/13 15:27:05 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2009/09/07 16:35:02 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2011/03/20 20:37:58 | 000,000,000 | ---D | M] -- C:\Program Files\SynthMaker CM
[2009/10/10 22:41:36 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2009/03/07 19:49:21 | 000,000,000 | ---D | M] -- C:\Program Files\Teamspeak2_RC2
[2011/03/15 16:31:52 | 000,000,000 | ---D | M] -- C:\Program Files\THQ
[2010/09/04 20:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\TmUnitedForever
[2008/01/01 22:13:00 | 000,000,000 | ---D | M] -- C:\Program Files\Turbine
[2009/12/29 18:45:09 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2006/11/02 23:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/02/05 17:16:07 | 000,000,000 | ---D | M] -- C:\Program Files\UrbanTerror
[2008/10/09 19:44:05 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2009/03/08 20:42:26 | 000,000,000 | ---D | M] -- C:\Program Files\Valve
[2008/08/24 10:11:05 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/05/26 21:08:55 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2009/09/24 16:07:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/09/24 16:07:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/09/24 16:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/07/18 23:11:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2009/09/24 16:07:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/11/08 00:21:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011/03/14 10:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/07/24 03:22:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2010/11/05 02:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 22:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/09/24 16:07:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/17 17:29:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/09/24 16:07:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/03/06 15:39:05 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/02/24 16:04:24 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2008/12/10 11:50:41 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2008/07/26 21:07:53 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid
[2008/11/18 18:16:55 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2008/04/04 19:12:58 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader

< %appdata%\*.* >
[2009/12/21 11:35:06 | 000,000,175 | ---- | M] () -- C:\Users\DESTRUCTOR\AppData\Roaming\default.rss
[2009/12/29 18:49:02 | 000,022,328 | ---- | M] () -- C:\Users\DESTRUCTOR\AppData\Roaming\PnkBstrK.sys


< MD5 for: AGP440.SYS >
[2008/01/19 17:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 17:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 17:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 17:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 19:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 19:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 16:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 16:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 16:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 17:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 17:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 19:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/23 18:21:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/23 18:21:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/23 18:21:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 19:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 19:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 16:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 16:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 16:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/19 17:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/19 17:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 19:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 17:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 17:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 19:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 19:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 19:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 16:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 16:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 17:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 19:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 19:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 17:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 17:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 17:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 19:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 16:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 16:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/02/23 18:24:23 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2008/02/23 18:24:23 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
[2008/02/23 18:24:23 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
[2008/01/19 15:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/19 15:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/11 14:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/04/11 14:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
[2009/04/11 14:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 18:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-11 07:10:38

========== Alternate Data Streams ==========

@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

labourfix

Newbie Surfer

Posts : 10
Joined : 2011-04-11
Operating System : windows vista sp2


Re: "mostexe's.exe"not a valid Win32 application

Post by labourfix on Mon 11 Apr 2011, 9:30 pm

and the extras txt file:

OTL Extras logfile created on: 11/04/2011 5:44:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\DESTRUCTOR\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 70.34 Gb Free Space | 23.60% Space Free | Partition Type: NTFS
Drive G: | 1397.26 Gb Total Space | 415.80 Gb Free Space | 29.76% Space Free | Partition Type: NTFS

Computer Name: DESTRUCTOR-PC | User Name: DESTRUCTOR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ()
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" ()

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FAB1965-CDC0-4A30-A8BC-C676C926810A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11E0D119-4744-4C74-809E-C345658882C3}" = lport=137 | protocol=17 | dir=in | app=system |
"{146B9AFE-ED1F-4756-AAF9-D4396D01768A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1B733E04-A575-4EB4-9ED9-C9FF58CC9F13}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{1D9E6B29-C06B-4BEF-B310-A992FB3D718D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1E3263C6-BB2B-4670-8F9E-0EEC74B671A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{22C4E54E-51EC-4A26-9C2F-02F5DE277F09}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{24058A72-77F7-4E64-8262-5563E346ABD1}" = rport=138 | protocol=17 | dir=out | app=system |
"{480D3545-92E0-4E16-9594-FEE9177EB2C5}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4D8A2F9D-1B6E-4995-97A5-1CD70AB7D702}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5B5E8430-BF16-4CB4-8A96-05C00FC75753}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{7C2999B4-A8B4-46CC-83A3-989834B98128}" = rport=445 | protocol=6 | dir=out | app=system |
"{811CEF9B-CBCC-4396-A1CC-4B66083C5EFF}" = rport=137 | protocol=17 | dir=out | app=system |
"{8531AB6D-801B-45CD-A676-407ACAADACC8}" = lport=138 | protocol=17 | dir=in | app=system |
"{918115D7-9E0D-470E-BD6E-302B1E705CA3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{947EA9B8-B6EA-43D6-ACD4-C08E748B6328}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{978D4946-7781-4B1C-8E9E-705A45DD6410}" = lport=139 | protocol=6 | dir=in | app=system |
"{9DE718D5-64BF-40A0-861E-AE225B130368}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C3472E0A-7B57-4008-8982-615965212922}" = lport=445 | protocol=6 | dir=in | app=system |
"{C953EE08-1C4F-4286-816F-A2C4B040AEB2}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CA5A4451-2D7E-4602-9F12-B18B1AA3E73D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{D903005A-EAA9-4C60-9C48-899487308F72}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EDC9FFB7-1D6D-4CCC-8A31-8A6399EBA1D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F10983C0-851E-4E1C-8FFB-BB3665663AFB}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D6B825-FB65-40E4-8C1C-A7AEDC940B32}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{01EFDC67-6DCA-4459-B26B-9C8F4E02E5C3}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{05DC0766-E5E4-45A0-B422-1505BFF22B89}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{0E431A6C-F466-4DB4-8145-C7C7E0E3FEC2}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{0F98C31E-02CB-4F5D-9F7D-9009AD390363}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{12B6B910-F82A-4528-B253-22F1F90A31A4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{15119A5F-661D-440B-9E92-EB4D15EB06D2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{159C008D-E09D-4038-962D-1627065E8D46}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{196A8386-CCD2-4785-8397-0BF5C33C188D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1999D2A3-E553-4748-B4B2-9754241A1654}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{21530038-B0BB-4188-B5BD-507ABD3B8763}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_launcher.exe |
"{246A00AA-8CE0-4381-B37E-F9F085792D0D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2873F121-5ABD-4F5E-A29E-34E84B767D47}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\labourfix\synergy\hl2.exe |
"{29226B57-9E40-45DE-B6DE-DBB7E0999A0A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{2A6DE334-B64C-485C-B68D-DD6E3878A374}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\just cause 2 demo\justcause2.exe |
"{31D49087-4115-414C-9656-7E55D81B9E0E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{32FC08D7-F52E-4A2D-ACD7-BF823E3F22CE}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |
"{3621FA6A-EE00-479E-B25B-5420A048E7E5}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{36AF7F8E-9819-42BB-A5C0-52786360971D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3883D623-5110-4580-BFEA-EE4363E24AFE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe |
"{3AF9B83F-25C8-4CF0-A209-B0DF4DB9DD10}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3C3EC220-155E-4A37-B387-694ED62D308B}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{3DF96A98-95D5-41AF-89C1-650E27AB0614}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{3F46BF6D-1515-4124-AD7E-FC90FFA4D59F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{4448512B-44D5-4C38-A20B-D0B3255CBDCE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{45F7425E-4F7C-4EBE-982E-38444091FBDB}" = protocol=17 | dir=in | app=c:\program files\activision\prototype\prototypef.exe |
"{4951C248-CC93-46EF-8723-451EC70AB0E4}" = protocol=6 | dir=in | app=c:\program files\bitdownload\bitdownload.exe |
"{4A73A932-CA40-4E3C-9018-C4C6FCB3C18C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4C1300D5-B4F8-4A4E-B8B2-66FA25E17E8F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{5039C9A9-DA87-400B-98D1-76DA43B7E772}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{535C5C05-5441-44F4-9C4A-9C1E6E4DAEFB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\labourfix\synergy\hl2.exe |
"{569C76F8-69C8-444A-88F9-8F9D68079E9E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{574CB224-ECB0-4BA3-85AF-90A652EE8CE5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5AE03D2C-35E6-45BE-BE23-F2A8CD5917E3}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{5B54A56E-079C-432D-99B0-550D4E3427C9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{5C22F671-5D7B-49F0-9936-5B8649DADA02}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{5EAD2C4D-DE5C-4567-B691-8AF201A9160F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{63EB2F57-6A0A-46C0-8FB3-6A114BEF41BA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{664C15D2-B4D6-448E-905E-0D774A3E018F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\just cause 2 demo\justcause2.exe |
"{66AE4DB4-D716-4A6F-B83E-CCA875876AA5}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{688A3E11-57F8-494C-A3D9-7D140540077F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe |
"{6C6EA662-6CD3-4044-946A-3CDD93A7B15E}" = protocol=6 | dir=in | app=c:\program files\activision\prototype\prototypef.exe |
"{6DF29FF5-8822-401A-8A64-230D2808D2D9}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{70FDC845-5CF2-4064-AE95-F9ECF4139F5F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{718E738A-608B-4CCC-98BA-0457EC82EAC4}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{7216E04B-2E86-4FB7-83E8-63D8EB6C96D1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{72EC9DD1-7064-40EF-A2E2-2C3F152F50F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{74D15786-AAFF-49BF-B08A-584DB08315E6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{79B0A878-5355-46F0-BF14-E61B60809A7C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{7E5150BE-B0D6-4496-9B0A-00D54EDA6BF5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{8787C34A-29FC-480E-9BED-6EAB266D0402}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{8B25134B-BF6E-4A91-8F76-D4185F4577CF}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{8C6FF149-7A20-4623-8860-4ED43468F340}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{8C991A2E-37A9-4DFE-A12B-D04BC1725A4D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe |
"{97296054-2E5F-4681-AC76-7F5AAF67916A}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{9B04172C-FC78-4C05-BB78-A3BD0E291CBD}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{9D27ACDD-BC59-40F6-9E62-1484D9D38D84}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A14E82A1-D10A-49E0-9949-1DBEDAFD0FD7}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{A3CBCEC6-E48D-42CF-A88F-EEE092892A29}" = protocol=6 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe |
"{A4D85D33-25AD-4719-AFBB-2283FF2E8994}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{A4DDF7D0-AD97-4993-9CF1-0228DD23EE72}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A754EB7E-52CC-44DC-BA16-E7BF8E13FE72}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A81044B5-5050-4995-A701-517F3DBED38A}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |
"{AE34B635-BD7F-45AD-83F6-58E91473BF70}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B21CBF60-6488-40A2-A36E-8722E0522C54}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B408012A-4D48-4C29-9723-08715D22031C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B79987C5-5ED0-41EA-96CB-061BD8494E4F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BAB35BB5-8360-422D-AD55-BB8F4EE62E8A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{BDF42039-51CE-48D3-9A01-5CDB0D6461E5}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{BFA4DE25-5FE3-4926-9C00-3618E3535D06}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{C058AD5A-77A1-4370-AAD3-E3F0A1ADCC52}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{C3CF450D-403F-49FD-AC03-323E89901AEB}" = protocol=17 | dir=in | app=c:\program files\bitdownload\bitdownload.exe |
"{C88BBA12-9D32-4C4C-8B15-1167E10592B2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{CF651E7A-F27B-403B-8020-3FC899A27D0F}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{D05434B7-C4C5-4256-A5E0-6C7B6067CA69}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{D0C57D1A-88EC-465C-BA39-1530430D1F15}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{D3FD6764-2B83-4F54-AFF3-471830DD6966}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{D5D787C9-C06C-498B-BC8E-4DA7F5151BC9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D6A6BB02-AEEC-4C2A-8AB2-2E7A9F82CE21}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe |
"{DB0CF0D4-D296-4781-A2D6-EBA23CFC8C4E}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{DC528765-78F9-415C-85BD-D4FEE1D9404A}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_launcher.exe |
"{E42C4331-D2C0-48C9-B1AB-E975D0B854F7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{EF6A835A-8F09-4DC4-A43B-59ECD7AD9D9B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F509CD95-2B17-4395-8CAB-8C6CA85AC35D}" = protocol=17 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe |
"{F551730F-DAB0-4585-94AE-BE2B0CCFA3D7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F8CFCFBD-6338-4049-91D8-74C53A18C66C}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{FDE91959-5D4D-4D63-BF17-332CADB136F1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{168499AD-70C4-4A83-8E33-E127EB3A2535}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{1A27CA43-A688-4466-B472-1BF8BFC43F33}C:\program files\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe |
"TCP Query User{2D03B6E9-E743-44E0-84DF-2F859E3CFAC5}C:\program files\half-life\hltv.exe" = protocol=6 | dir=in | app=c:\program files\half-life\hltv.exe |
"TCP Query User{2F3CAFF0-36BE-4C39-8864-447C9D63BD38}C:\users\destructor\downloads\yuleech-runes_of_magic_3_0_4_2263_aus.exe" = protocol=6 | dir=in | app=c:\users\destructor\downloads\yuleech-runes_of_magic_3_0_4_2263_aus.exe |
"TCP Query User{4ED5104B-EA5E-4AAD-B309-D1B175E9831A}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{60DFAF38-41AE-4FCF-8025-FB2A8797D0EF}C:\program files\steam\steamapps\labourfix\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\labourfix\team fortress 2\hl2.exe |
"TCP Query User{698FEDB0-4C40-4333-AF95-7342E19373C3}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{9EF49EDC-B2FD-4C76-90CB-74639F150593}C:\program files\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files\half-life\hl.exe |
"TCP Query User{A7A18643-E050-430C-A9EB-F7BD045FEC99}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{B7F245EC-840F-4520-A0E7-30C9F5332F64}C:\program files\microsoft games\halo 2\halo2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |
"TCP Query User{B8CB16D6-9390-4A3B-B9FD-1A400357DDC2}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{C1B397C8-BDBE-403F-8200-C6B6F491EE0B}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{E0806A30-5534-422A-A164-D3A516B9C403}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"TCP Query User{E8BC9225-1A40-41D1-9DAE-909935D7F6A4}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"UDP Query User{0BCBC897-DD3C-45B5-8973-E81E240CF937}C:\program files\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe |
"UDP Query User{38F2BEFF-9A7B-4F90-8620-EF984A9369F2}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{3CE1C47B-4798-4BA8-89BE-F2FEC4D81680}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"UDP Query User{4A6A1963-980E-4DE4-AB8D-81F911353212}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"UDP Query User{5783ADAA-EE18-4F8D-9E6D-E6FE057F1856}C:\program files\microsoft games\halo 2\halo2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |
"UDP Query User{5A6D01DE-0BCB-48B6-B0A1-A5D5428FFAB7}C:\users\destructor\downloads\yuleech-runes_of_magic_3_0_4_2263_aus.exe" = protocol=17 | dir=in | app=c:\users\destructor\downloads\yuleech-runes_of_magic_3_0_4_2263_aus.exe |
"UDP Query User{72D37F6C-F081-467D-AE1F-0A7BC73F5505}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{7CA250B9-68A5-4445-A72C-16CE2536E697}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{A314221E-ADF5-426D-BF23-81CF2E378139}C:\program files\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files\half-life\hl.exe |
"UDP Query User{A90616DD-A22C-4E8C-8D33-2926854E4E58}C:\program files\half-life\hltv.exe" = protocol=17 | dir=in | app=c:\program files\half-life\hltv.exe |
"UDP Query User{B83E3A58-ADB7-45B3-875E-77CCF4375BB5}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{CA29F7DE-4834-4DA5-9ADD-151CB5C9DF2A}C:\program files\steam\steamapps\labourfix\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\labourfix\team fortress 2\hl2.exe |
"UDP Query User{D87BBA47-AEDC-44CE-BC1B-68870AF93F34}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{F7B1FCEA-36D0-4485-BEB8-FB487524358B}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0129B1E0-FC2A-219C-2B55-F81845719BB6}" = CCC Help English
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0EA44599-1E9D-4517-A088-9588A9FAB211}" = AirPlus G
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23958263-D500-BCB3-0B3A-A3E47ED9DC34}" = Catalyst Control Center Graphics Previews Vista
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D74A527-B8EA-4D36-A653-07F0F92B6925}" = Brother HL-2140
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"{50BCDF5A-6829-47BF-9B12-2A83CB1832FD}" = MSN Webcam Recorder 22.0
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63522C0C-CDAF-D873-08F1-D9CA9EFF3EA5}" = Catalyst Control Center InstallProxy
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68C536DD-E4C5-E7AA-ED80-C387AB33A53C}" = ccc-core-static
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6FD75E05-FF64-4C27-AA79-FD589A8C1A0B}" = MacDrive 7
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96245f61-ae63-4847-b3e1-99064a46a5c9}" = Nero 9
"{99053CC3-A74B-BC9C-1AF2-1ADE8AEEC9FB}" = ccc-utility
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{9F71B84C-C856-47C6-82B8-D060B6BFDA16}" = Just Cause 2
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{add83166-dab6-4681-8b5c-2de3caf189c5}" = Nero 9 Trial
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EADE5897-3567-7D85-7236-6F458689D18F}" = ATI Catalyst Install Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F400E4F2-DC34-33D6-E065-316ED121101D}" = Catalyst Control Center Graphics Previews Common
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.03.8013
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced Batch Converter" = Advanced Batch Converter
"Any Video Converter_is1" = Any Video Converter 2.7.9
"Ask.com Search Assistant" = Ask.com Search Assistant 1.0.2
"AV Voice Changer Software GOLD 6.0" = AV Voice Changer Software GOLD 6.0
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Canon LASER SHOT LBP-1120" = Canon LASER SHOT LBP-1120
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"ConTEXTEditor_is1" = ConTEXT
"CopyPod" = CopyPod (remove only)
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Debut" = Debut Video Capture Software
"Destiny Media Player" = Destiny Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy Hi-Q Recorder_is1" = Easy Hi-Q Recorder 2.2
"GameSpy Arcade" = GameSpy Arcade
"GIF Animator" = Microsoft GIF Animator
"Graboid Video" = Graboid Video 1.2
"Guild Wars" = Guild Wars
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"Halo Trial" = Microsoft Halo Trial
"Insaniquarium_Patch_Installer_1.2" = Insaniquarium Patch Installer 1.2
"InstallShield_{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"LimeWire" = LimeWire 4.18.8
"Magic ISO Maker v5.4 (build 0256)" = Magic ISO Maker v5.4 (build 0256)
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"MKV TO AVI CONVERTER_is1" = MKV TO AVI CONVERTER version 3.22
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP3 Player Recovery Tool_is1" = MP3 Player Recovery Tool
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.11
"Photo Resizer Pro_is1" = Photo Resizer Pro v3.9
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter (remove only)
"RealPlayer 6.0" = RealPlayer
"Recordpad" = RecordPad Sound Recorder
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Rogue" = Rogue
"SoundTap" = SoundTap Streaming Audio Recorder
"Steam App 440" = Team Fortress 2
"SynapsePluckedString_is1" = Plucked String VSTi/DXi v4.0
"SynthMaker" = SynthMaker 1.0
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15
"Urban Terror_is1" = Urban Terror 4.1
"Videora iPod Converter" = Videora iPod Converter 4.07
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"XeTav V2" = XeTav V2
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2 great byte" = CiD Help
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
"AI RoboForm" = AI RoboForm
"Facebook Plug-In" = Facebook Plug-In
"GATES TO AESGAARD - Episode 1" = GATES TO AESGAARD - Episode 1
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/11/2009 6:49:20 AM | Computer Name = DESTRUCTOR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/11/2009 1:29:23 AM | Computer Name = DESTRUCTOR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/11/2009 4:13:37 PM | Computer Name = DESTRUCTOR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 17/11/2009 1:32:16 AM | Computer Name = DESTRUCTOR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 19/11/2009 2:45:04 AM | Computer Name = DESTRUCTOR-PC | Source = VSS | ID = 8194
Description =

Error - 20/11/2009 1:50:48 AM | Computer Name = DESTRUCTOR-PC | Source = EventSystem | ID = 4621
Description =

Error - 20/11/2009 12:00:57 PM | Computer Name = DESTRUCTOR-PC | Source = System Restore | ID = 8193
Description =

Error - 21/11/2009 8:50:15 AM | Computer Name = DESTRUCTOR-PC | Source = EventSystem | ID = 4621
Description =

Error - 21/11/2009 7:43:16 PM | Computer Name = DESTRUCTOR-PC | Source = EventSystem | ID = 4621
Description =

Error - 24/11/2009 4:48:56 PM | Computer Name = DESTRUCTOR-PC | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 11/04/2011 2:59:40 AM | Computer Name = DESTRUCTOR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/04/2011 2:59:40 AM | Computer Name = DESTRUCTOR-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/04/2011 3:10:04 AM | Computer Name = DESTRUCTOR-PC | Source = DCOM | ID = 10005
Description =

Error - 11/04/2011 3:10:04 AM | Computer Name = DESTRUCTOR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/04/2011 3:10:37 AM | Computer Name = DESTRUCTOR-PC | Source = DCOM | ID = 10005
Description =

Error - 11/04/2011 3:10:38 AM | Computer Name = DESTRUCTOR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/04/2011 3:12:56 AM | Computer Name = DESTRUCTOR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/04/2011 3:12:56 AM | Computer Name = DESTRUCTOR-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/04/2011 3:14:22 AM | Computer Name = DESTRUCTOR-PC | Source = DCOM | ID = 10005
Description =

Error - 11/04/2011 3:14:22 AM | Computer Name = DESTRUCTOR-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

labourfix

Newbie Surfer

Posts : 10
Joined : 2011-04-11
Operating System : windows vista sp2


Re: "mostexe's.exe"not a valid Win32 application

Post by Belahzur on Tue 12 Apr 2011, 6:20 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: "mostexe's.exe"not a valid Win32 application

Post by labourfix on Tue 12 Apr 2011, 1:14 pm

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 6338

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

12/04/2011 12:07:35 PM
mbam-log-2011-04-12 (12-07-35).txt

Scan type: Quick scan
Objects scanned: 181055
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (http://www.iesearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:
c:\Users\destructor\AppData\Roaming\errorkiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
c:\Users\destructor\AppData\Roaming\errorkiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
c:\Users\destructor\AppData\Roaming\errorkiller\registry backups (Rogue.ErrorKiller) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\destructor\downloads\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Windows\Tasks\errorkiller scheduled scan.job (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
c:\Users\destructor\AppData\Roaming\errorkiller\Log\2008 jun 28 - 04_53_34 pm_855.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
c:\Users\destructor\AppData\Roaming\errorkiller\registry backups\2008-06-28_16-54-11.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.


Re: "mostexe's.exe"not a valid Win32 application

Post by Belahzur on Wed 13 Apr 2011, 8:56 am

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



Re: "mostexe's.exe"not a valid Win32 application

Post by labourfix on Wed 13 Apr 2011, 11:52 am

here you go, thanks for the help so far

ComboFix 11-04-11.02 - DESTRUCTOR 13/04/2011 10:30:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3325.2306 [GMT 10:00]
Running from: c:\users\DESTRUCTOR\Desktop\commy.exe
Command switches used :: /stepdel
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\iTunes\iTunesHelper.exe
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\BitDownload
C:\UNWISE.EXE
c:\windows\Fonts\corbel.ttf
c:\windows\Fonts\rod.ttf
c:\programdata\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk
c:\windows\system32\arp.exe
c:\windows\system32\config.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-03-13 to 2011-04-13 )))))))))))))))))))))))))))))))
.
.
2011-04-13 00:37 . 2011-04-13 00:37 -------- d-----w- c:\users\DESTRUCTOR\AppData\Local\temp
2011-04-13 00:37 . 2011-04-13 00:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-04-13 00:37 . 2011-04-13 00:37 -------- d-----w- c:\users\Guest 2\AppData\Local\temp
2011-04-13 00:37 . 2011-04-13 00:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-13 00:02 . 2011-04-13 00:02 -------- d-----w- c:\windows\LastGood
2011-04-12 01:59 . 2011-04-12 01:59 -------- d-----w- c:\users\DESTRUCTOR\AppData\Roaming\Malwarebytes
2011-04-12 01:56 . 2011-04-12 01:56 -------- d-----w- c:\programdata\Malwarebytes
2011-04-12 01:56 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-12 01:56 . 2011-04-12 01:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 01:56 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 11:51 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-11 11:51 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-04-11 11:51 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-04-10 06:08 . 2010-02-04 00:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-04-10 06:08 . 2010-02-04 00:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-04-10 06:08 . 2010-02-04 00:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-04-10 06:08 . 2010-02-04 00:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-04-10 06:08 . 2009-09-04 07:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-10 06:08 . 2009-09-04 07:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2011-04-10 06:08 . 2009-09-04 07:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-04-10 06:08 . 2009-09-04 07:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-04-10 06:08 . 2009-09-04 07:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2011-04-10 06:07 . 2009-09-04 07:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-10 06:07 . 2008-07-31 00:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-04-10 06:07 . 2008-07-31 00:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2011-04-10 06:07 . 2008-07-31 00:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2011-04-10 05:56 . 2011-04-10 05:56 -------- d-----w- c:\program files\Disney Interactive Studios
2011-04-10 01:38 . 2011-04-10 01:38 -------- d-----w- c:\users\Guest 2\AppData\Roaming\SUPERAntiSpyware.com
2011-04-10 01:37 . 2011-04-10 01:37 -------- d-----w- c:\users\Guest 2\AppData\Roaming\teamspeak2
2011-04-10 01:37 . 2011-04-10 01:37 -------- d-----w- c:\users\Guest 2\AppData\Local\Mozilla
2011-03-20 10:38 . 2011-03-20 10:38 -------- d-----w- c:\program files\Outsim
2011-03-20 10:36 . 2011-03-20 10:37 -------- d-----w- c:\program files\SynthMaker CM
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 06:41 . 2010-06-24 00:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-26 13:36 . 2011-01-26 13:36 7566848 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-26 13:00 . 2011-01-26 13:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 13:00 . 2010-11-06 06:18 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-01-26 12:59 . 2011-01-26 12:59 17204736 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-26 12:56 . 2011-01-26 12:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 12:55 . 2010-11-06 06:17 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 12:55 . 2010-11-06 06:17 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 12:54 . 2011-01-26 12:54 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-01-26 12:53 . 2008-10-03 22:39 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-26 12:53 . 2011-01-26 12:53 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-26 12:53 . 2011-01-26 12:53 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 12:53 . 2011-01-26 12:53 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-26 12:49 . 2011-01-26 12:49 4105728 ----a-w- c:\windows\system32\atidxx32.dll
2011-01-26 12:32 . 2011-01-26 12:32 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-01-26 12:28 . 2008-10-03 22:22 4170752 ----a-w- c:\windows\system32\atiumdag.dll
2011-01-26 12:27 . 2011-01-26 12:27 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-26 12:27 . 2011-01-26 12:27 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-26 12:25 . 2011-01-26 12:25 5580800 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-26 12:24 . 2008-10-03 22:01 3463680 ----a-w- c:\windows\system32\atiumdva.dll
2011-01-26 12:20 . 2010-11-06 06:17 52736 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 12:14 . 2010-11-06 06:17 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 12:13 . 2011-01-26 12:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 12:13 . 2011-01-26 12:13 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-01-26 12:13 . 2011-01-26 12:13 238592 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-26 12:12 . 2011-01-26 12:12 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2011-01-26 12:12 . 2010-11-06 06:17 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-01-26 12:12 . 2010-11-06 06:18 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2011-01-26 12:11 . 2011-01-26 12:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-26 12:08 . 2011-01-26 12:08 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-26 12:08 . 2011-01-26 12:08 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-20 16:37 . 2011-03-13 10:49 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-03-13 10:49 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-03-13 10:49 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-03-13 10:49 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-03-13 10:49 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-03-13 10:49 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-03-13 10:49 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-03-13 10:49 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-03-13 10:49 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-03-13 10:49 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-03-13 10:49 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-03-13 10:49 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-03-13 10:49 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-03-13 10:49 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-03-13 10:49 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-03-13 10:49 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-03-13 10:49 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-03-13 10:49 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-03-13 10:49 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-03-13 10:49 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-03-13 10:49 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-03-13 10:49 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-03-13 10:49 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-03-13 10:49 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-03-13 10:49 683008 ----a-w- c:\windows\system32\d2d1.dll
2003-07-08 10:46 . 2003-07-08 10:46 917504 ----a-w- c:\program files\Plucked String.dll
2003-07-08 10:46 . 2003-07-08 10:46 905216 ----a-w- c:\program files\Plucked String DXi.dll
.
.
------- Sigcheck -------
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2007-01-19 28288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\System32\spool\drivers\w32x86\3\CAP3LAK.EXE [2007-1-9 38976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-07 06:35 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LASER SHOT LBP-1120 Status Window.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Canon LASER SHOT LBP-1120 Status Window.LNK
backup=c:\windows\pss\Canon LASER SHOT LBP-1120 Status Window.LNK.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
backup=c:\windows\pss\Rainmeter.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^DESTRUCTOR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^DESTRUCTOR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter.LNK.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allway Sync 'n' Go
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOOK BITS GRID FORD]
c:\programdata\debug each tray.jaot5fs [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Size comp]
c:\programdata\flag type type.7q9hrp [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-13 20:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
2008-09-17 22:14 880640 ------w- c:\program files\Brownie\BrStsWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAP3ON]
2007-01-19 01:19 28288 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\CAP3ONN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 01:03 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-02-13 23:09 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Getting started with MacDrive]
2008-09-02 05:43 141312 ----a-w- c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive application]
2008-09-23 04:18 201304 ----a-w- c:\program files\Mediafour\MacDrive 7\MacDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-09-22 13:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2008-07-21 06:54 169312 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 06:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
2009-07-23 17:31 913412 ----a-w- c:\program files\NCH Swift Sound\Recordpad\recordpad.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-11-25 04:42 292824 ----a-w- c:\program files\Registry Mechanic\RMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2009-02-14 00:33 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 05:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2009-11-25 04:42 104408 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-18 03:51 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-07-26 11:12 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-25 25832]
R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
R3 rt61x86;RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2008-11-26 333824]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-03-05 716272]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-07 74480]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
S2 MacDriveService;MacDrive service;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [2008-11-26 150528]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-11-25 583640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-11-06 100368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 02:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\users\DESTRUCTOR\AppData\Roaming\Mozilla\Firefox\Profiles\u96bihh6.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: AnyColor: [You must be registered and logged in to see this link.] - %profile%\extensions\anycolor.pavlos256@gmail.com
FF - Ext: Battlefield Heroes Updater: [You must be registered and logged in to see this link.] - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Personas: [You must be registered and logged in to see this link.] - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: TabRenamizer: {792BDDFE-2E7C-42ed-B18D-18154D2761BD} - %profile%\extensions\{792BDDFE-2E7C-42ed-B18D-18154D2761BD}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-Half-Life Dedicated Server Update Tool - C:\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-13 10:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2367995611-587735351-2421756774-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f2,77,44,a0,c1,f4,5d,7d,72,08,fa,6b,e0,f7,50,d1,b2,87,f9,63,96,27,3e,
82,b4,32,6c,38,d3,c3,84,21,83,b8,4a,14,28,b5,c7,81,df,70,15,92,d0,e5,8a,3c,\
"??"=hex:52,b4,0c,36,16,8f,49,5c,53,0c,77,21,52,5e,cf,6f
.
[HKEY_USERS\S-1-5-21-2367995611-587735351-2421756774-1000\Software\SecuROM\License information*]
"datasecu"=hex:2b,27,29,70,cd,11,7a,30,47,e2,ee,9a,59,d2,cd,5f,14,c2,98,5c,32,
36,4d,62,61,99,ed,ed,04,85,87,f7,8b,4d,68,e0,27,50,61,41,dd,15,b9,c5,03,05,\
"rkeysecu"=hex:d6,c8,21,76,8a,82,b0,d1,9f,13,cf,3d,3d,d0,11,52
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-13 10:38:40
ComboFix-quarantined-files.txt 2011-04-13 00:38
.
Pre-Run: 76,975,947,776 bytes free
Post-Run: 77,310,566,400 bytes free
.
- - End Of File - - 62CBAF92EFFB64D0F5867C920FD27F57

labourfix


Post by Belahzur on Thu 14 Apr 2011, 8:53 am

Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur


Post by labourfix on Thu 14 Apr 2011, 9:30 pm

I cannot use Internet Explorer, as it says it's not a valid Win32 application, so I downloaded the ESET installer and ran it from that. It seemed to work fine.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=faf00f7705e87d47853271699379b84d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-14 10:20:41
# local_time=2011-04-14 08:20:41 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 89182331 89182331 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 95 48145622 140278800 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=267861
# found=6
# cleaned=6
# scan_time=26768
C:\Users\DESTRUCTOR\Downloads\Macdrive 8 Package.rar probably a variant of Win32/Agent.EBLGXAQ trojan (deleted - quarantined) 00000000000000000000000000000000 C
G:\DESTRUCTOR-PC\Backup Set 2010-04-28 175113\Backup Files 2010-05-13 170522\Backup files 50.zip probably a variant of Win32/Agent.EBLGXAQ trojan (deleted - quarantined) 00000000000000000000000000000000 C
G:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx a variant of Win32/Conficker.X worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
G:\toby's stuff\games\tmuf-dtn.iso probably a variant of Win32/Agent.JWALVLQ trojan (deleted - quarantined) 00000000000000000000000000000000 C
G:\toby's stuff\games\Morrowind Game of the Year Edition\unl-eso12.rar probably a variant of Win32/Agent.IZJZFMV trojan (deleted - quarantined) 00000000000000000000000000000000 C
G:\winamp_cache_0001\ehthumbs.exe probably a variant of Win32/Injector.ZT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

labourfix

Newbie Surfer

Posts : 10
Joined : 2011-04-11
Operating System : windows vista sp2

Post by Belahzur on Fri 15 Apr 2011, 9:22 am

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.4.1
    Ask.com Search Assistant 1.0.2
    Java(TM) 6 Update 4
    Java(TM) 6 Update 7
    Java(TM) 6 Update 22
    LimeWire 4.18.8
    uTorrent

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 24.
  • Click the "Download JRE" button to the right.
  • In the window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader X.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.

Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Post by labourfix on Sun 17 Apr 2011, 2:15 am

[quote="Belahzur"]Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.4.1
    Java(TM) 6 Update 4
    Java(TM) 6 Update 7
    Java(TM) 6 Update 22
[/quote]

The Windows Installer will not let me uninstall these programs, and I have no idea why.
"The Windows Installer service could not be accessed. This can occur if the Windows Installer is not correctly installed."


Post by Belahzur on Sun 17 Apr 2011, 5:22 am

Were you doing them in Safe Mode?



Post by labourfix on Sun 17 Apr 2011, 11:20 am

Yes.

If it helps, it seems that the problem with the updater is linked to the problem with 'msiexec.exe' not being a valid Win32 application.

I took the liberty of having a closer look at the file and it reads as being "0 bytes in size", although it still exists. My assumption is that this is where the problem lies. Thanks to your help so far, several infected files have also been removed.

Is there anything else I can do to help solve the problem?


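The 0-byte msiexec.exe reported in the post above can be checked for across a whole folder. This is an added example, not part of the original thread: it classifies each .exe by the DOS and PE headers the Windows loader reads first and reports empty or truncated files. The function names and the constructed sample header are assumptions made for illustration.

```python
import os
import struct

MACHINES = {0x014C: "i386", 0x8664: "amd64"}

def classify_pe(data: bytes) -> str:
    """Classify a file by the DOS and PE headers the Windows loader reads first."""
    if not data:
        return "empty"                      # 0-byte file, as reported for msiexec.exe
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "no-dos-header"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of the PE header
    # PE signature (4 bytes) plus COFF file header (20 bytes) must fit in the file
    if e_lfanew + 24 > len(data):
        return "truncated"
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return "no-pe-signature"
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return "pe-" + MACHINES.get(machine, "other-%#06x" % machine)

def read_headers(fh) -> bytes:
    """Read only the bytes classify_pe needs, so large executables stay cheap."""
    head = fh.read(0x40)
    if len(head) == 0x40 and head[:2] == b"MZ":
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        head += fh.read(max(0, min(e_lfanew, 1 << 20) + 24 - 0x40))
    return head

def scan_tree(root: str):
    """Yield (path, verdict) for each .exe under root that is not a well-formed PE."""
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    verdict = classify_pe(read_headers(fh))
            except OSError as exc:
                verdict = "unreadable (%s)" % exc.strerror
            if not verdict.startswith("pe-"):
                yield path, verdict

def sample_image(machine: int = 0x014C) -> bytes:
    """Constructed 88-byte header stub for demonstration; not a runnable program."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\x00\x00" + struct.pack("<H", machine) + b"\x00" * 18
```

Iterating over `scan_tree(r"C:\Windows\System32")` lists every .exe there whose headers are missing or cut short, which shows whether msiexec.exe is the only damaged file or one of many.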


Post by Belahzur on Sun 17 Apr 2011, 9:55 pm

No, msiexec.exe works fine; it's just that the update installer is disabled in Safe Mode. Try doing it in normal mode.



Post by labourfix on Mon 18 Apr 2011, 12:14 am

I tried uninstalling the applications in normal mode and was confronted with the same problem.


Post by Belahzur on Mon 18 Apr 2011, 8:48 am

Hello.
Try this.

Click Start, click Run, type MSIEXEC /UNREGISTER, and then click OK. Even if you do this correctly, it may look like nothing occurs.
Click Start, click Run, type MSIEXEC /REGSERVER, and then click OK. Even if you do this.

Try removing Java now.



Post by labourfix on Mon 18 Apr 2011, 4:00 pm

Hah, that seems to have worked.
Thanks Belahzur!
