WiredWX Christian Hobby Weather Tools

Vista Antivirus Pro 2010

Hi, I got a virus 1 week ago; luckily I had the CDs to do a system restore, so I did so. And 3 days later a fake antivirus removal software popped up on my system, but I did download Malwarebytes' Anti-Malware. I ran a quick scan, and when it was done no results came up, so here's the log.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6001 Service Pack 1

3/5/2010 5:11:47 PM
mbam-log-2010-03-05 (17-11-47).txt

Scan type: Quick Scan
Objects scanned: 80930
Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------

But I still have it on my system, please help!

Re: Vista Antivirus Pro 2010

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

The txt was too big so I cut it in half

OTL logfile created on: 3/5/2010 6:24:48 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Lemma\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.58 Gb Total Space | 41.70 Gb Free Space | 57.45% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.16% Space Free | Partition Type: NTFS
Drive E: | 157.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LEMMA-PC
Current User Name: Lemma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/05 18:24:10 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Lemma\Downloads\OTL.exe
PRC - [2010/03/03 10:20:01 | 000,197,120 | -HS- | M] () -- C:\Users\Lemma\AppData\Local\av.exe
PRC - [2010/03/02 18:34:35 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SAService.exe
PRC - [2010/03/02 18:09:50 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/26 06:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/08/07 04:57:54 | 000,202,048 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2008/08/07 04:57:48 | 000,271,680 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
PRC - [2008/07/01 18:57:10 | 000,110,592 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2008/04/28 16:21:28 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
PRC - [2008/04/28 16:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
PRC - [2008/04/07 07:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/08/28 12:07:32 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
PRC - [2007/07/09 20:40:30 | 001,282,048 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/05/23 14:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/02/13 12:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
PRC - [2007/02/05 22:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE


========== Modules (SafeList) ==========

MOD - [2010/03/05 18:24:10 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Lemma\Downloads\OTL.exe
MOD - [2008/01/20 18:24:11 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (0097671267583567mcinstcleanup) McAfee Application Installer Cleanup (0097671267583567)
SRV - [2010/03/02 18:34:35 | 000,341,280 | ---- | M] () [Auto | Running] -- C:\Program Files\SiteAdvisor\6173\SAService.exe -- (SiteAdvisor Service)
SRV - [2008/08/26 06:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/08/07 04:57:54 | 000,202,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - [2008/07/01 18:57:10 | 000,110,592 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2008/04/28 16:21:28 | 000,144,704 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)
SRV - [2008/04/28 16:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)
SRV - [2008/04/07 07:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/01/20 18:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/23 14:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/02/13 12:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service)
SRV - [2007/02/05 22:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


========== Driver Services (SafeList) ==========

DRV - [2010/03/02 18:52:01 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/02/20 16:04:38 | 000,195,456 | R--- | M] (Symantec Corp.) [File_System | System | Running] -- C:\Windows\System32\drivers\fslx.sys -- (FSLX)
DRV - [2009/02/13 15:50:34 | 004,385,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/10/29 07:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/07/18 16:46:46 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BASFND.sys -- (BASFND)
DRV - [2008/06/25 08:39:42 | 000,212,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/05/28 10:16:38 | 000,075,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008/05/07 12:29:32 | 000,120,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/28 16:25:00 | 000,055,112 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/04/28 16:23:22 | 000,034,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeRKDK.sys -- (MfeRKDK)
DRV - [2008/04/28 16:22:44 | 000,205,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/04/28 16:22:18 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MfeBOPK.sys -- (MfeBOPK)
DRV - [2008/04/28 16:22:10 | 000,079,560 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MfeAVFK.sys -- (MfeAVFK)
DRV - [2008/01/20 18:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 18:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 18:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 18:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 18:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 18:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 18:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 18:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 18:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 18:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 18:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 18:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 18:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 18:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 18:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 18:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 18:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 18:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 18:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 18:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 18:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 18:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 18:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 18:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 18:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 18:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/03 03:19:08 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/07/10 02:25:38 | 000,347,648 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/30 02:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\atipcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=all&pf=cmdt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=all&pf=cmdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=all&pf=cmdt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=all&pf=cmdt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/05 16:44:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/05 16:43:02 | 000,000,000 | ---D | M]

[2010/03/05 16:44:18 | 000,000,000 | ---D | M] -- C:\Users\Lemma\AppData\Roaming\Mozilla\Extensions
[2010/03/05 16:44:20 | 000,000,000 | ---D | M] -- C:\Users\Lemma\AppData\Roaming\Mozilla\Firefox\Profiles\obe2b5x4.default\extensions
[2010/03/05 16:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lemma\AppData\Roaming\Mozilla\Firefox\Profiles\obe2b5x4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/05 16:44:20 | 000,000,000 | ---D | M] -- C:\Users\Lemma\AppData\Roaming\Mozilla\Firefox\Profiles\obe2b5x4.default\extensions\staged-xpis
[2010/03/05 16:43:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe File not found
O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.Exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.0.387.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/04/28 23:51:26 | 000,000,044 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6555b2d9-266a-11df-8766-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6555b2d9-266a-11df-8766-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2008/04/29 05:57:07 | 005,214,208 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/05 17:04:19 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Roaming\Malwarebytes
[2010/03/05 17:04:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/05 17:04:12 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/05 17:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/05 17:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/05 16:44:02 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Roaming\Mozilla
[2010/03/05 16:44:02 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Local\Mozilla
[2010/03/05 16:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/05 15:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\KingsIsle Entertainment
[2010/03/04 10:46:09 | 000,000,000 | ---D | C] -- C:\Users\Lemma\Documents\³Ø½¼ Ç÷¯±×
[2010/03/04 03:07:19 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/04 03:06:53 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/03/03 18:25:48 | 000,000,000 | ---D | C] -- C:\Users\Lemma\Documents\Paint.NET User Files
[2010/03/03 11:39:20 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/03/03 11:39:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/03/03 11:39:11 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/03/03 11:39:11 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/03/03 11:39:09 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/03/03 11:36:50 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/03/03 11:36:43 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/03/03 11:36:42 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/03/03 11:36:30 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/03/03 11:36:29 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/03/03 11:36:29 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/03/03 11:36:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/03/03 11:36:02 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/03/03 11:35:40 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

Other half

[2010/03/03 11:35:37 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/03 11:35:37 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/03 11:35:35 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/03 11:35:34 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/03/03 11:35:33 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/03/03 11:35:33 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/03 11:35:32 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/03 11:35:31 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/03/03 11:35:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/03 11:35:28 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/03 11:32:42 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/03/03 11:32:39 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/03/03 11:32:38 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/03/03 11:32:37 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010/03/03 11:32:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/03/03 11:32:35 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/03/03 11:32:34 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/03/03 11:32:33 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/03/03 11:32:29 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/03/03 11:25:30 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/03/03 11:25:29 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/03/03 11:25:28 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/03/03 11:24:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/03/03 11:24:19 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/03/03 11:22:48 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/03/03 11:22:42 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/03/03 11:22:01 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/03/03 11:17:47 | 003,546,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/03/03 11:17:46 | 003,597,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/03/03 11:17:39 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/03/03 11:17:39 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010/03/03 11:17:19 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/03/03 11:16:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/03/03 11:14:00 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/03/03 11:13:45 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/03/03 11:13:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/03/03 11:13:42 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/03/03 11:13:42 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/03/03 11:13:41 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/03/03 11:13:41 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/03/03 11:13:41 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2010/03/03 11:13:32 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/03/03 11:13:19 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010/03/03 11:13:19 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010/03/03 11:09:57 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010/03/03 11:09:51 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/03/03 11:09:46 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/03/03 11:09:44 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/03/03 11:09:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/03/03 11:09:43 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/03/03 11:09:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/03/03 11:09:18 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/03/03 10:57:06 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/03/03 10:57:05 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/03/03 10:57:05 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/03/03 10:57:04 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/03/03 10:57:04 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/03/03 10:57:04 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/03/03 10:57:00 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/03/03 10:57:00 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/03/03 10:57:00 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/03/03 10:53:51 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/03/03 10:53:50 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/03/03 10:53:31 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/03/03 10:47:17 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Roaming\NeopleLauncherDFO
[2010/03/03 10:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010/03/03 10:45:14 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Local\Paint.NET
[2010/03/03 10:36:31 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/03/03 10:36:27 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/03/03 10:36:24 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/03/03 10:36:22 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/03/03 10:36:22 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/03/03 10:36:21 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/03/03 10:36:16 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/03/03 10:36:03 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/03/03 10:23:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/03/03 10:22:47 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/03/03 10:22:24 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/03/03 10:19:49 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/03/03 10:02:18 | 000,000,000 | RH-D | C] -- C:\AHCache
[2010/03/02 19:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2010/03/02 19:27:35 | 000,000,000 | ---D | C] -- C:\Nexon
[2010/03/02 19:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2010/03/02 19:15:25 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Local\PMB Files
[2010/03/02 19:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/03/02 19:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/03/02 19:09:32 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Roaming\Macromedia
[2010/03/02 19:09:32 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Roaming\Adobe
[2010/03/02 19:09:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/03/02 19:08:43 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/03/02 19:08:43 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/03/02 19:00:01 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/03/02 19:00:01 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/03/02 19:00:01 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/03/02 18:59:40 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/03/02 18:59:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/03/02 18:52:29 | 000,464,384 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\drivers\netr73.sys
[2010/03/02 18:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2010/03/02 18:52:02 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Roaming\InstallShield
[2010/03/02 18:48:31 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Roaming\Hewlett-Packard
[2010/03/02 18:48:23 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Local\Hewlett-Packard
[2010/03/02 18:48:05 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Roaming\SiteAdvisor
[2010/03/02 18:47:44 | 000,000,000 | R--D | C] -- C:\Users\Lemma\Searches
[2010/03/02 18:47:34 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Roaming\Identities
[2010/03/02 18:47:33 | 000,000,000 | R--D | C] -- C:\Users\Lemma\Contacts
[2010/03/02 18:47:31 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Local\VirtualStore
[2010/03/02 18:45:43 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Local\Downloaded Installations
[2010/03/02 18:45:26 | 000,000,000 | -HSD | C] -- C:\Users\Lemma\AppData\Local\Temporary Internet Files
[2010/03/02 18:45:26 | 000,000,000 | -HSD | C] -- C:\Users\Lemma\Templates
[2010/03/02 18:45:26 | 000,000,000 | -HSD | C] -- C:\Users\Lemma\Start Menu
[2010/03/02 18:45:26 | 000,000,000 | -HSD | C] -- C:\Users\Lemma\Local Settings
[2010/03/02 18:45:26 | 000,000,000 | -HSD | C] -- C:\Users\Lemma\AppData\Local\History
[2010/03/02 18:45:26 | 000,000,000 | -HSD | C] -- C:\Users\Lemma\AppData\Local\Application Data
[2010/03/02 18:45:25 | 000,000,000 | -HSD | C] -- C:\Users\Lemma\SendTo
[2010/03/02 18:45:25 | 000,000,000 | -HSD | C] -- C:\Users\Lemma\Recent
[2010/03/02 18:45:25 | 000,000,000 | -HSD | C] -- C:\Users\Lemma\PrintHood
[2010/03/02 18:45:25 | 000,000,000 | -HSD | C] -- C:\Users\Lemma\NetHood
[2010/03/02 18:45:25 | 000,000,000 | -HSD | C] -- C:\Users\Lemma\Documents\My Videos
[2010/03/02 18:45:25 | 000,000,000 | -HSD | C] -- C:\Users\Lemma\Documents\My Pictures
[2010/03/02 18:45:25 | 000,000,000 | -HSD | C] -- C:\Users\Lemma\Documents\My Music
[2010/03/02 18:45:25 | 000,000,000 | -HSD | C] -- C:\Users\Lemma\My Documents
[2010/03/02 18:45:25 | 000,000,000 | -HSD | C] -- C:\Users\Lemma\Cookies
[2010/03/02 18:45:25 | 000,000,000 | -HSD | C] -- C:\Users\Lemma\Application Data
[2010/03/02 18:45:23 | 000,000,000 | --SD | C] -- C:\Users\Lemma\AppData\Roaming\Microsoft
[2010/03/02 18:45:23 | 000,000,000 | R--D | C] -- C:\Users\Lemma\Videos
[2010/03/02 18:45:23 | 000,000,000 | R--D | C] -- C:\Users\Lemma\Saved Games
[2010/03/02 18:45:23 | 000,000,000 | R--D | C] -- C:\Users\Lemma\Pictures
[2010/03/02 18:45:23 | 000,000,000 | R--D | C] -- C:\Users\Lemma\Music
[2010/03/02 18:45:23 | 000,000,000 | R--D | C] -- C:\Users\Lemma\Links
[2010/03/02 18:45:23 | 000,000,000 | R--D | C] -- C:\Users\Lemma\Favorites
[2010/03/02 18:45:23 | 000,000,000 | R--D | C] -- C:\Users\Lemma\Downloads
[2010/03/02 18:45:23 | 000,000,000 | R--D | C] -- C:\Users\Lemma\Documents
[2010/03/02 18:45:23 | 000,000,000 | R--D | C] -- C:\Users\Lemma\Desktop
[2010/03/02 18:45:23 | 000,000,000 | -H-D | C] -- C:\Users\Lemma\AppData
[2010/03/02 18:45:23 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Local\Temp
[2010/03/02 18:45:23 | 000,000,000 | ---D | C] -- C:\Users\Lemma\AppData\Local\Microsoft
[2010/03/02 18:36:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/02 18:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2010/03/02 18:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\SiteAdvisor
[2010/03/02 18:32:43 | 000,120,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2010/03/02 18:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/03/02 18:32:40 | 000,034,088 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\MfeRKDK.sys
[2010/03/02 18:32:39 | 000,035,240 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\MfeBOPK.sys
[2010/03/02 18:32:38 | 000,205,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2010/03/02 18:32:38 | 000,079,560 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\MfeAVFK.sys
[2010/03/02 18:32:38 | 000,055,112 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys
[2010/03/02 18:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/03/02 18:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/03/02 18:32:10 | 000,000,000 | -H-D | C] -- C:\fslrdr
[2010/03/02 18:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\Altiris
[2010/03/02 18:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/03/02 18:31:40 | 000,015,368 | ---- | C] (PDF Complete, Inc.) -- C:\Windows\System32\pdfc_port.dll
[2010/03/02 18:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Complete
[2010/03/02 18:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2010/03/02 18:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/03/02 18:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/03/02 18:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/03/02 18:27:35 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/03/02 18:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/03/02 18:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/03/02 18:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/03/02 18:26:03 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/03/02 18:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/03/02 18:23:31 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys
[2010/03/02 18:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2010/03/02 18:23:06 | 000,100,352 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\basp.dll
[2010/03/02 18:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2010/03/02 18:23:02 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/03/02 18:22:39 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/03/02 18:21:57 | 000,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/02 18:21:57 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/02 18:21:57 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/02 18:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/02 18:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/02 18:21:29 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/03/02 18:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/03/02 18:20:57 | 000,000,000 | -H-D | C] -- C:\hp
[2010/03/02 18:18:09 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/03/02 18:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2010/03/02 18:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2010/03/02 18:15:48 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2010/03/02 18:10:46 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/03/02 18:09:50 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/03/02 18:08:47 | 001,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/03/02 18:08:18 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/03/02 18:08:18 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/03/02 18:08:17 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/03/02 18:06:48 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010/03/02 18:06:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/03/02 18:05:15 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/03/02 18:05:15 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/03/02 18:05:15 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/03/02 18:03:42 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/03/02 18:03:15 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/03/02 18:03:02 | 000,885,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2010/03/02 18:02:47 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2010/03/02 18:02:17 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/03/02 18:02:17 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/03/02 18:01:59 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010/03/02 18:01:59 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010/03/02 18:01:59 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010/03/02 18:01:58 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/03/02 18:00:43 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/03/02 18:00:33 | 000,029,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2010/03/02 18:00:02 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010/03/02 18:00:02 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010/03/02 18:00:02 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010/03/02 18:00:02 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010/03/02 18:00:02 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010/03/02 18:00:02 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010/03/02 18:00:02 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010/03/02 18:00:01 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010/03/02 18:00:01 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010/03/02 18:00:01 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010/03/02 18:00:01 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010/03/02 18:00:01 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010/03/02 18:00:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010/03/02 18:00:01 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010/03/02 18:00:00 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010/03/02 18:00:00 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010/03/02 18:00:00 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010/03/02 18:00:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/03/02 18:00:00 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010/03/02 18:00:00 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010/03/02 18:00:00 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010/03/02 18:00:00 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010/03/02 18:00:00 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010/03/02 18:00:00 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010/03/02 17:59:22 | 000,000,000 | ---D | C] -- C:\Windows\Users
[2010/03/02 17:59:17 | 000,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/03/02 17:59:17 | 000,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/03/02 17:59:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010/03/02 17:59:16 | 000,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/03/02 17:59:16 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/03/02 17:59:16 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010/03/02 17:59:16 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2010/03/02 17:59:16 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/03/02 17:59:16 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010/03/02 17:58:14 | 000,212,992 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys
[2010/03/02 17:58:05 | 001,204,128 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys
[2010/03/02 17:58:05 | 000,055,816 | ---- | C] (LSI Corporation) -- C:\Windows\agrsmdel.exe
[2010/03/02 17:58:05 | 000,013,824 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrscoin.dll
[2010/03/02 17:58:04 | 011,509,760 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\atioglxx.dll
[2010/03/02 17:58:04 | 004,941,824 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdva.dll
[2010/03/02 17:58:04 | 004,385,280 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2010/03/02 17:58:04 | 003,837,952 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll
[2010/03/02 17:58:04 | 002,394,624 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atidxx32.dll
[2010/03/02 17:58:04 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2010/03/02 17:58:04 | 000,348,160 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2010/03/02 17:58:04 | 000,278,528 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.dll
[2010/03/02 17:58:04 | 000,131,072 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll
[2010/03/02 17:58:04 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atibrtmon.exe
[2010/03/02 17:58:04 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2010/03/02 17:58:04 | 000,051,712 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2010/03/02 17:58:04 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2010/03/02 17:58:04 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2010/03/02 17:58:02 | 000,606,208 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADIExt.dll
[2010/03/02 17:58:02 | 000,347,648 | ---- | C] (Analog Devices, Inc.) -- C:\Windows\System32\drivers\ADIHdAud.sys
[2010/03/02 17:58:02 | 000,129,024 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADIAPO.dll
[2010/03/02 17:58:02 | 000,069,632 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
[2010/03/02 17:58:02 | 000,050,176 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADIAPR.dll
[2010/03/02 17:58:02 | 000,030,720 | ---- | C] (Analog Devices, Inc.) -- C:\Windows\System32\SmaxCo.dll
[2010/03/02 17:56:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/03/02 17:54:44 | 000,008,192 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\AtiPcie.sys
[2010/03/02 17:53:12 | 000,170,000 | ---- | C] (AMD Technologies Inc.) -- C:\Windows\System32\drivers\ahcix86s.sys
[2010/03/02 17:33:39 | 000,000,000 | ---D | C] -- C:\swsetup
[2010/03/02 17:32:34 | 000,000,000 | -H-D | C] -- C:\system.sav

========== Files - Modified Within 30 Days ==========

[2010/03/05 18:31:42 | 000,010,552 | -HS- | M] () -- C:\Users\Lemma\AppData\Local\58La0
[2010/03/05 18:30:15 | 001,310,720 | -HS- | M] () -- C:\Users\Lemma\NTUSER.DAT
[2010/03/05 18:27:27 | 000,007,215 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/03/05 18:21:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/05 17:19:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/05 17:19:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/05 17:04:17 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/05 16:44:06 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/03/05 16:43:07 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/05 15:48:26 | 000,000,761 | ---- | M] () -- C:\Users\Public\Desktop\Play Wizard101.lnk
[2010/03/05 15:23:58 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/05 15:23:58 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/05 15:23:58 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/05 15:19:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/05 15:19:01 | 1878,343,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/04 03:35:27 | 000,100,432 | ---- | M] () -- C:\Users\Lemma\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/04 03:32:53 | 000,374,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/04 03:29:50 | 000,524,288 | -HS- | M] () -- C:\Users\Lemma\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010/03/04 03:29:50 | 000,065,536 | -HS- | M] () -- C:\Users\Lemma\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010/03/04 03:29:46 | 001,648,493 | -H-- | M] () -- C:\Users\Lemma\AppData\Local\IconCache.db
[2010/03/03 10:55:11 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/03/03 10:47:14 | 000,000,202 | ---- | M] () -- C:\Users\Public\Desktop\Dungeon Fighter Online.url
[2010/03/03 10:20:01 | 000,197,120 | -HS- | M] () -- C:\Users\Lemma\AppData\Local\av.exe
[2010/03/02 19:29:52 | 000,001,551 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2010/03/02 18:54:01 | 000,524,288 | -HS- | M] () -- C:\Users\Lemma\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
[2010/03/02 18:52:01 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) -- C:\Windows\System32\drivers\netr73.sys
[2010/03/02 18:46:18 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_bPC_dc5850_Y53307F_0U_QMXL928_EU_4A_I3029h_SHP_V_786F6 v01.09_T080409_WV6-1_L409_M1791_J80_7AMD_8FF2_92.30_#100302_N14E4167A_(NR631UC#ABA)_X_CD4_Z11C10630_2_G10029611.MRK
[2010/03/02 18:45:26 | 000,000,020 | -HS- | M] () -- C:\Users\Lemma\ntuser.ini
[2010/03/02 18:29:10 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010/03/02 18:17:27 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/03/02 18:10:46 | 001,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/03/02 18:09:50 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/03/02 18:08:47 | 001,695,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/03/02 18:08:18 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/03/02 18:08:18 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/03/02 18:08:17 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/03/02 18:06:48 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010/03/02 18:06:48 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/03/02 18:05:15 | 012,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/03/02 18:05:15 | 002,644,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/03/02 18:05:15 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/03/02 18:03:42 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/03/02 18:03:15 | 000,443,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/03/02 18:03:02 | 000,885,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2010/03/02 18:03:02 | 000,009,127 | ---- | M] () -- C:\Windows\System32\RacUR.xml
[2010/03/02 18:03:02 | 000,000,153 | ---- | M] () -- C:\Windows\System32\RacUREx.xml
[2010/03/02 18:02:47 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2010/03/02 18:02:17 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/03/02 18:02:17 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/03/02 18:01:59 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010/03/02 18:01:59 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010/03/02 18:01:59 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010/03/02 18:01:58 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/03/02 18:01:19 | 000,177,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2010/03/02 18:01:19 | 000,177,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2010/03/02 18:01:19 | 000,141,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2010/03/02 18:00:43 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/03/02 18:00:33 | 000,029,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2010/03/02 18:00:02 | 001,582,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010/03/02 18:00:02 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010/03/02 18:00:02 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010/03/02 18:00:02 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010/03/02 18:00:02 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010/03/02 18:00:02 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010/03/02 18:00:02 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010/03/02 18:00:01 | 006,103,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010/03/02 18:00:01 | 001,418,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010/03/02 18:00:01 | 000,670,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010/03/02 18:00:01 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010/03/02 18:00:01 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010/03/02 18:00:01 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010/03/02 18:00:01 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010/03/02 18:00:00 | 011,967,524 | ---- | M] () -- C:\Windows\System32\korwbrkr.lex
[2010/03/02 18:00:00 | 001,671,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010/03/02 18:00:00 | 000,313,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010/03/02 18:00:00 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010/03/02 18:00:00 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/03/02 18:00:00 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010/03/02 18:00:00 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010/03/02 18:00:00 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010/03/02 18:00:00 | 000,106,605 | ---- | M] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/03/02 18:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010/03/02 18:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010/03/02 18:00:00 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010/03/02 18:00:00 | 000,018,904 | ---- | M] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/03/02 17:59:17 | 000,988,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/03/02 17:59:17 | 000,927,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/03/02 17:59:17 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010/03/02 17:59:16 | 000,615,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/03/02 17:59:16 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/03/02 17:59:16 | 000,318,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010/03/02 17:59:16 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2010/03/02 17:59:16 | 000,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/03/02 17:59:16 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe

========== Files Created - No Company Name ==========

[2010/03/05 17:04:17 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/05 16:44:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/03/05 16:43:07 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/05 15:48:26 | 000,000,761 | ---- | C] () -- C:\Users\Public\Desktop\Play Wizard101.lnk
[2010/03/03 11:25:35 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/03/03 10:55:11 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/03/03 10:47:14 | 000,000,202 | ---- | C] () -- C:\Users\Public\Desktop\Dungeon Fighter Online.url
[2010/03/03 10:20:01 | 000,197,120 | -HS- | C] () -- C:\Users\Lemma\AppData\Local\av.exe
[2010/03/03 10:20:01 | 000,010,552 | -HS- | C] () -- C:\Users\Lemma\AppData\Local\58La0
[2010/03/02 19:29:52 | 000,001,551 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2010/03/02 18:52:29 | 000,200,704 | ---- | C] () -- C:\Windows\System32\UpdateDriver.exe
[2010/03/02 18:52:28 | 000,005,224 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini
[2010/03/02 18:46:18 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_bPC_dc5850_Y53307F_0U_QMXL928_EU_4A_I3029h_SHP_V_786F6 v01.09_T080409_WV6-1_L409_M1791_J80_7AMD_8FF2_92.30_#100302_N14E4167A_(NR631UC#ABA)_X_CD4_Z11C10630_2_G10029611.MRK
[2010/03/02 18:45:26 | 000,000,020 | -HS- | C] () -- C:\Users\Lemma\ntuser.ini
[2010/03/02 18:45:24 | 000,524,288 | -HS- | C] () -- C:\Users\Lemma\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
[2010/03/02 18:45:24 | 000,524,288 | -HS- | C] () -- C:\Users\Lemma\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010/03/02 18:45:24 | 000,065,536 | -HS- | C] () -- C:\Users\Lemma\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010/03/02 18:45:22 | 001,310,720 | -HS- | C] () -- C:\Users\Lemma\NTUSER.DAT
[2010/03/02 18:33:48 | 000,007,215 | ---- | C] () -- C:\Windows\System32\Config.MPF
[2010/03/02 18:19:16 | 1878,343,680 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/02 18:17:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/03/02 18:03:02 | 000,009,127 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010/03/02 18:03:02 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2010/03/02 18:00:00 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/03/02 18:00:00 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/03/02 18:00:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/03/02 17:58:04 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/03/02 17:58:04 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010/03/02 17:58:04 | 000,151,824 | ---- | C] () -- C:\Windows\System32\atiumdva.cap
[2010/03/02 17:58:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2010/03/02 17:58:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2010/03/02 17:58:04 | 000,015,485 | ---- | C] () -- C:\Windows\atiogl.xml
[2010/03/02 17:58:04 | 000,000,529 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe.manifest
[2010/03/02 17:58:04 | 000,000,527 | ---- | C] () -- C:\Windows\System32\ATIODE.exe.manifest
[2010/03/02 17:34:12 | 000,043,254 | ---- | C] () -- C:\Windows\System32\HP_Logo.bmp
[2010/03/02 17:34:12 | 000,005,942 | ---- | C] () -- C:\Windows\System32\HP_Logo.png
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >

Extras.txt
OTL Extras logfile created on: 3/5/2010 6:24:49 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Lemma\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.58 Gb Total Space | 41.70 Gb Free Space | 57.45% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.16% Space Free | Partition Type: NTFS
Drive E: | 157.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LEMMA-PC
Current User Name: Lemma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Users\Lemma\AppData\Local\av.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{61613ECA-6659-4793-B5E6-8C416B28AD9D}" = lport=58282 | protocol=17 | dir=in | name=pando media booster |
"{72974E7D-909D-4F4C-9870-2F20227D51E3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A2604959-43BC-4370-AFF1-12D03353A68B}" = lport=58282 | protocol=6 | dir=in | name=pando media booster |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1293C910-39C3-43AD-AE9B-C21DA47950F8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2F547840-C2E3-415C-9C8B-0557F94F33BF}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{30D3AE7C-5CCA-4254-9607-86BECEAA4C85}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{378FC63B-D501-4DB7-B8AE-0E38CA1D4F3F}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{3BDA3606-8592-45BB-92D6-4815B55A7F7D}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{7FF8A74C-64D6-4A53-9891-84D9325DFA47}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{804AD1D9-C844-4EB0-9E4C-3759F62A4695}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{D9DDE79D-2600-4A67-B96E-D115E5BC0938}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{FBF49FB0-3D6A-462D-BA90-1CA9879BBC85}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7BB045C3-D5E4-4620-B536-DC11AACD5942}" = Broadcom Management Programs
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Software Virtualization Agent
"{8487219F-6929-4FC9-B5F7-7D990DD6EECB}" = HP Advisor
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"Combat Arms" = Combat Arms
"DFO" = Dungeon Fighter Online
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Managed Firewall" = McAfee Firewall Protection Service
"McAfee SiteAdvisor" = McAfee Browser Protection Service
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MVS" = McAfee Virus and Spyware Protection Service
"PDF Complete" = PDF Complete
"PROHYBRIDR" = 2007 Microsoft Office system

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2010 2:45:16 PM | Computer Name = Lemma-PC | Source = VSS | ID = 8194
Description =

Error - 3/3/2010 2:55:21 PM | Computer Name = Lemma-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Paint.NET\PaintDotNet.SystemLayer.Native.x86.dll".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/3/2010 2:55:21 PM | Computer Name = Lemma-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Paint.NET\PaintDotNet.SystemLayer.Native.x86.dll".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/3/2010 2:55:22 PM | Computer Name = Lemma-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Paint.NET\PaintDotNet.SystemLayer.Native.x86.dll".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/3/2010 2:55:22 PM | Computer Name = Lemma-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Paint.NET\PaintDotNet.SystemLayer.Native.x86.dll".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/3/2010 2:55:22 PM | Computer Name = Lemma-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Paint.NET\PaintDotNet.SystemLayer.Native.x86.dll".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/3/2010 2:55:22 PM | Computer Name = Lemma-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Paint.NET\PaintDotNet.SystemLayer.Native.x86.dll".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/3/2010 2:55:23 PM | Computer Name = Lemma-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Paint.NET\PaintDotNet.SystemLayer.Native.x86.dll".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/3/2010 2:55:23 PM | Computer Name = Lemma-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Paint.NET\PaintDotNet.SystemLayer.Native.x86.dll".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/3/2010 2:55:24 PM | Computer Name = Lemma-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Paint.NET\PaintDotNet.SystemLayer.Native.x86.dll".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 3/3/2010 3:00:12 PM | Computer Name = Lemma-PC | Source = HTTP | ID = 15016
Description =

Error - 3/3/2010 10:07:37 PM | Computer Name = Lemma-PC | Source = bowser | ID = 8003
Description =

Error - 3/3/2010 10:25:11 PM | Computer Name = Lemma-PC | Source = BROWSER | ID = 8032
Description =

Error - 3/4/2010 7:33:07 AM | Computer Name = Lemma-PC | Source = HTTP | ID = 15016
Description =

Error - 3/4/2010 2:44:07 PM | Computer Name = Lemma-PC | Source = DCOM | ID = 10010
Description =

Error - 3/5/2010 2:22:02 PM | Computer Name = Lemma-PC | Source = bowser | ID = 8003
Description =

Error - 3/5/2010 7:19:19 PM | Computer Name = Lemma-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:17:22 PM on 3/5/2010 was unexpected.

Error - 3/5/2010 7:19:21 PM | Computer Name = Lemma-PC | Source = HTTP | ID = 15016
Description =

Error - 3/5/2010 8:10:57 PM | Computer Name = Lemma-PC | Source = DCOM | ID = 10010
Description =

Error - 3/5/2010 10:21:19 PM | Computer Name = Lemma-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Re: Vista Antivirus Pro 2010
Hello.

Please download SREng

  • Extract it to Desktop and double click SREngLdr.EXE to run it
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that have an Error status and click [Repair]
  • Refer to this image for an example:
    [Image: SystemRepair_FileAssocs]
  • In your case, it would be .EXE
  • Close SREng now.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/03/03 10:20:01 | 000,197,120 | -HS- | M] () -- C:\Users\Lemma\AppData\Local\av.exe
    [2010/03/03 10:20:01 | 000,010,552 | -HS- | C] () -- C:\Users\Lemma\AppData\Local\58La0
    [2010/03/03 10:20:01 | 000,197,120 | -HS- | C] () -- C:\Users\Lemma\AppData\Local\av.exe



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
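
The two things acted on in this thread, the per-user .exe association pointing at av.exe and the hidden, system-flagged files with no company name in AppData\Local, can be picked out of an OTL log mechanically. The following Python sketch is an added example, not part of the original posts or of OTL; the rule names and heuristics are assumptions, and the sample lines are copied from the logs posted above.

```python
import re

# Sample lines copied from the OTL.txt / Extras.txt logs posted in this thread.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2010/03/05 16:43:07 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/03 10:20:01 | 000,197,120 | -HS- | C] () -- C:\Users\Lemma\AppData\Local\av.exe
[2010/03/03 10:20:01 | 000,010,552 | -HS- | C] () -- C:\Users\Lemma\AppData\Local\58La0
[2010/03/02 18:45:22 | 001,310,720 | -HS- | C] () -- C:\Users\Lemma\NTUSER.DAT
[2010/03/02 17:58:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Users\Lemma\AppData\Local\av.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
"""

# [date time | size | attributes | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| "
    r"(?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
# .ext [@ = progid] -- handler path (company)
ASSOC_RE = re.compile(
    r"^(?P<ext>\.\w+) \[@ = (?P<progid>[^\]]*)\] -- (?P<path>.+?) \((?P<company>[^()]*)\)$"
)
# Registry key header such as [HKEY_CURRENT_USER\SOFTWARE\Classes\]
HIVE_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\")

# Extensions whose handler decides what runs when a program is launched.
EXEC_EXTS = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr"}


def analyze(log_text):
    """Return (rule, detail) tuples for the two patterns seen in this thread."""
    findings = []
    hive = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            hive = None  # a new report section starts; forget the last key
            continue
        m = HIVE_RE.match(line)
        if m:
            hive = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m:
            attrs = m["attrs"]
            # Heuristic (assumption): hidden + system, blank company, in AppData.
            if ("H" in attrs and "S" in attrs and not m["company"].strip()
                    and "\\appdata\\" in m["path"].lower()):
                findings.append(("hidden-system-no-company-in-appdata", m["path"]))
            continue
        m = ASSOC_RE.match(line)
        # A per-user (HKCU) override for an executable extension takes
        # precedence over the machine-wide association in HKLM.
        if m and hive == "HKEY_CURRENT_USER" and m["ext"].lower() in EXEC_EXTS:
            findings.append(("per-user-executable-association",
                             f'{m["ext"]} -> {m["path"]}'))
    return findings


if __name__ == "__main__":
    for rule, detail in analyze(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```

NTUSER.DAT carries the same -HS- attributes and blank company field as the flagged files but sits outside AppData, so the path condition is what keeps it out of the results.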

Re: Vista Antivirus Pro 2010
========== OTL ==========
Process av.exe killed successfully!
C:\Users\Lemma\AppData\Local\58La0 moved successfully.
C:\Users\Lemma\AppData\Local\av.exe moved successfully.

OTL by OldTimer - Version 3.1.34.0 log created on 03052010_191315

Re: Vista Antivirus Pro 2010
WOW THANKS!!!!!! IT DISAPPEARED!!! THANK YOU SOOOOO MUCH!!!!

Re: Vista Antivirus Pro 2010
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 7


To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Vista Antivirus Pro 2010

It's running fine. And why do I have to remove Java? What would that do?

Re: Vista Antivirus Pro 2010
It's an old version that needs updating.

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 18.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe that you downloaded to install the newest version.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
