Ran through the tutorial.
Malwarebytes detected and removed 18 files.
MS removal still present on the system after restarting.
Attempted twice more with no effect.
OTL output below:
OTL logfile created on: 4/13/2011 8:02:29 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\core_user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 29.86 Gb Free Space | 6.41% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 58.40 Gb Free Space | 12.54% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 142.61 Gb Free Space | 7.66% Space Free | Partition Type: NTFS
Drive J: | 931.28 Gb Total Space | 264.15 Gb Free Space | 28.36% Space Free | Partition Type: FAT32
Computer Name: ETERNAL | User Name: core_user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/13 20:02:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\core_user\Desktop\OTL.exe
PRC - [2011/03/19 03:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 17:33:11 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
========== Modules (SafeList) ==========
MOD - [2011/04/13 20:02:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\core_user\Desktop\OTL.exe
MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (avg8wd)
SRV - File not found [Auto | Stopped] -- -- (avg8emc)
SRV - [2011/03/17 10:12:10 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/26 21:55:26 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/11/30 17:13:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/10/15 14:54:22 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/26 05:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/08/09 14:40:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 17:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/29 02:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/02/06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
========== Driver Services (SafeList) ==========
DRV - [2011/03/17 10:12:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/26 22:36:16 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/01/26 22:36:16 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/01/26 21:13:12 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/30 17:13:39 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/23 13:26:27 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/17 13:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/08/29 11:15:41 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/29 11:15:41 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/04 21:24:02 | 000,097,808 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/05/25 06:50:44 | 000,164,864 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/05/08 08:54:09 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/03/11 16:30:55 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/03/11 16:30:54 | 000,025,416 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/10/09 14:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/06/27 00:40:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007/04/03 04:57:18 | 000,015,360 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007/03/24 13:20:24 | 000,046,208 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/10/18 23:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006/02/07 21:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\JGOGO.sys -- (JGOGO)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.animesuki.com/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 15:23:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/27 15:23:32 | 000,000,000 | ---D | M]
[2009/01/07 10:06:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\core_user\AppData\Roaming\Mozilla\Extensions
[2011/03/25 08:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\core_user\AppData\Roaming\Mozilla\Firefox\Profiles\62e215zt.default\extensions
[2010/12/12 18:43:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\core_user\AppData\Roaming\Mozilla\Firefox\Profiles\62e215zt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/25 08:59:39 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\core_user\AppData\Roaming\Mozilla\Firefox\Profiles\62e215zt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/25 08:59:50 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\core_user\AppData\Roaming\Mozilla\Firefox\Profiles\62e215zt.default\extensions\engine@conduit.com
[2010/11/27 09:18:38 | 000,000,863 | ---- | M] () -- C:\Users\core_user\AppData\Roaming\Mozilla\Firefox\Profiles\62e215zt.default\searchplugins\conduit.xml
[2008/05/08 13:41:05 | 000,002,921 | ---- | M] () -- C:\Users\core_user\AppData\Roaming\Mozilla\Firefox\Profiles\62e215zt.default\searchplugins\daemon-search.xml
[2011/03/25 08:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/03/19 03:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/04/01 14:00:50 | 000,001,225 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 208.67.70.3
O1 - Hosts: 127.0.0.1 38.99.150.167
O1 - Hosts: 127.0.0.1 38.99.150.205
O1 - Hosts: 127.0.0.1 88.255.90.60
O1 - Hosts: 127.0.0.1 opal.spod.org
O1 - Hosts: 127.0.0.1 sendspace.com
O1 - Hosts: 127.0.0.1 ad1.ny.yieldmanager.com
O1 - Hosts: 127.0.0.1 ad2.ny.yieldmanager.com
O1 - Hosts: 127.0.0.1 ny.yieldmanager.com
O1 - Hosts: 127.0.0.1 yieldmanager.com
O1 - Hosts: 127.0.0.1 193.165.167.2
O1 - Hosts: 127.0.0.1 152.66.249.135
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [jKa31001bJkGp31001] C:\ProgramData\jKa31001bJkGp31001\jKa31001bJkGp31001.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\core_user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\core_user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/03/30 12:15:06 | 000,053,263 | ---- | M] () - J:\autotwb1350.gif -- [ FAT32 ]
O32 - AutoRun File - [2011/03/30 18:52:58 | 000,045,447 | ---- | M] () - J:\autotwb1351.gif -- [ FAT32 ]
O33 - MountPoints2\{26a3ff06-7b7a-11df-8bec-001bfc5be298}\Shell\AutoRun\command - "" = H:\driver\S-1-4-89-654352344-54323413-6452342-4545\service.exe
O33 - MountPoints2\{26a3ff06-7b7a-11df-8bec-001bfc5be298}\Shell\open\command - "" = H:\driver\S-1-4-89-654352344-54323413-6452342-4545\service.exe
O33 - MountPoints2\{26a3ff0a-7b7a-11df-8bec-001bfc5be298}\Shell - "" = AutoRun
O33 - MountPoints2\{26a3ff0a-7b7a-11df-8bec-001bfc5be298}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{30304e77-435c-11df-815c-001bfc5be298}\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\{4ec7dbcd-f3c7-11dd-950d-001bfc5be298}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
O33 - MountPoints2\{4ec7dbcd-f3c7-11dd-950d-001bfc5be298}\Shell\Explore\command - "" = system.exe
O33 - MountPoints2\{4ec7dbcd-f3c7-11dd-950d-001bfc5be298}\Shell\Open\command - "" = system.exe
O33 - MountPoints2\{54fbc046-1cb0-11dd-bf09-001bfc5be298}\Shell - "" = AutoRun
O33 - MountPoints2\{54fbc046-1cb0-11dd-bf09-001bfc5be298}\Shell\AutoRun\command - "" = F:\autoplay.exe
O33 - MountPoints2\{86f1df47-c768-11df-a703-001bfc5be298}\Shell - "" = AutoRun
O33 - MountPoints2\{86f1df47-c768-11df-a703-001bfc5be298}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{b1ee7ed0-7ba1-11df-9250-001bfc5be298}\Shell\AutoRun\command - "" = driver\usb\USB-driver.com
O33 - MountPoints2\{b1ee7ed0-7ba1-11df-9250-001bfc5be298}\Shell\open\command - "" = driver\usb\USB-driver.com
O33 - MountPoints2\{c84c757e-de55-11df-95e6-001bfc5be298}\Shell - "" = AutoRun
O33 - MountPoints2\{c84c757e-de55-11df-95e6-001bfc5be298}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{ed3896f5-3190-11df-81db-001bfc5be298}\Shell - "" = AutoRun
O33 - MountPoints2\{ed3896f5-3190-11df-81db-001bfc5be298}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/13 20:02:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\core_user\Desktop\OTL.exe
[2011/04/13 18:53:51 | 000,000,000 | ---D | C] -- C:\Users\core_user\AppData\Roaming\Malwarebytes
[2011/04/13 18:53:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/13 18:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/13 18:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/13 18:53:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/13 18:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 18:52:59 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\core_user\Desktop\mbam-setup.exe
[2011/04/13 18:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\jKa31001bJkGp31001
[2011/04/02 09:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC
[2011/04/02 09:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\FLAC
[2011/03/27 15:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/03/27 15:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/03/27 15:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/03/27 15:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/03/27 15:21:01 | 000,000,000 | ---D | C] -- C:\Users\core_user\AppData\Local\Apple
[2011/03/27 15:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/03/27 15:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/03/27 06:57:58 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/27 06:57:58 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/23 08:06:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/03/23 08:04:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/03/23 08:04:05 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/03/23 08:04:05 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/03/23 08:04:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/03/23 08:04:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/03/23 08:04:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/03/23 08:04:03 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/03/23 08:04:03 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/03/23 08:04:03 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/03/23 08:04:03 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/03/23 08:04:03 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/03/23 08:03:57 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/03/23 08:03:57 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/03/23 08:03:57 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/03/23 08:03:57 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/03/23 08:03:57 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/03/23 08:03:14 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/23 08:03:14 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/23 08:03:14 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/23 08:03:14 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/19 17:22:22 | 000,000,000 | ---D | C] -- C:\Warcraft III 1.21
[2011/03/19 15:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Team Fortress 2
[2011/03/15 18:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2011/03/15 18:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec21
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/13 20:02:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\core_user\Desktop\OTL.exe
[2011/04/13 19:53:58 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/13 19:53:58 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/13 19:49:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/13 19:46:45 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job
[2011/04/13 19:45:54 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/13 19:45:54 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/13 19:22:21 | 000,117,760 | ---- | M] () -- C:\Users\core_user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/13 19:11:03 | 000,001,356 | ---- | M] () -- C:\Users\core_user\AppData\Local\d3d9caps.dat
[2011/04/13 19:05:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{64C78349-B90F-4CC2-8DD4-D4E48D029360}.job
[2011/04/13 18:53:45 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 18:52:47 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\core_user\Desktop\mbam-setup.exe
[2011/04/13 18:29:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-449167614-1501977027-3101843957-1000UA.job
[2011/04/12 22:29:01 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-449167614-1501977027-3101843957-1000Core.job
[2011/04/03 11:54:11 | 001,910,564 | ---- | M] () -- C:\Users\core_user\Desktop\DS_Cheat_Sheet.pdf
[2011/04/02 23:17:21 | 060,887,122 | ---- | M] () -- C:\Users\core_user\Desktop\Cantina.avi
[2011/04/02 09:42:02 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\FLAC Frontend.lnk
[2011/04/01 22:19:22 | 006,309,380 | ---- | M] () -- C:\Users\core_user\Desktop\Assault_on_Hoth_Rules.pdf
[2011/04/01 22:19:09 | 000,232,834 | ---- | M] () -- C:\Users\core_user\Desktop\hoth_action_chits.pdf
[2011/04/01 22:19:00 | 006,505,813 | ---- | M] () -- C:\Users\core_user\Desktop\new_cards_US_letter.pdf
[2011/03/27 07:50:54 | 000,000,036 | ---- | M] () -- C:\Users\core_user\AppData\Local\housecall.guid.cache
[2011/03/26 14:20:47 | 003,580,845 | ---- | M] () -- C:\Users\core_user\Documents\USB
[2011/03/25 08:59:01 | 000,000,870 | ---- | M] () -- C:\Users\core_user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/25 08:59:01 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/23 08:22:17 | 001,613,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/21 07:53:29 | 000,002,177 | ---- | M] () -- C:\Users\core_user\Documents\New Database1.odb
[2011/03/20 16:59:11 | 000,017,990 | ---- | M] () -- C:\Users\core_user\Documents\jorge lindsay.odt
[2011/03/20 16:33:25 | 000,002,177 | ---- | M] () -- C:\Users\core_user\Documents\New Database.odb
[2011/03/19 15:55:32 | 000,001,231 | ---- | M] () -- C:\Users\core_user\Desktop\Team Fortress 2.exe - Shortcut.lnk
[2011/03/18 22:31:28 | 000,002,024 | ---- | M] () -- C:\Users\core_user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/17 10:12:12 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/13 18:53:45 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/03 11:54:11 | 001,910,564 | ---- | C] () -- C:\Users\core_user\Desktop\DS_Cheat_Sheet.pdf
[2011/04/02 22:32:11 | 060,887,122 | ---- | C] () -- C:\Users\core_user\Desktop\Cantina.avi
[2011/04/02 09:42:02 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\FLAC Frontend.lnk
[2011/04/01 22:19:08 | 000,232,834 | ---- | C] () -- C:\Users\core_user\Desktop\hoth_action_chits.pdf
[2011/04/01 22:18:45 | 006,309,380 | ---- | C] () -- C:\Users\core_user\Desktop\Assault_on_Hoth_Rules.pdf
[2011/04/01 22:18:22 | 006,505,813 | ---- | C] () -- C:\Users\core_user\Desktop\new_cards_US_letter.pdf
[2011/03/27 15:20:58 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/03/27 07:50:54 | 000,000,036 | ---- | C] () -- C:\Users\core_user\AppData\Local\housecall.guid.cache
[2011/03/26 14:19:54 | 003,580,845 | ---- | C] () -- C:\Users\core_user\Documents\USB
[2011/03/25 08:59:01 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/23 08:03:57 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/03/23 08:03:57 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/03/23 08:03:57 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/03/21 07:53:28 | 000,002,177 | ---- | C] () -- C:\Users\core_user\Documents\New Database1.odb
[2011/03/20 16:59:11 | 000,017,990 | ---- | C] () -- C:\Users\core_user\Documents\jorge lindsay.odt
[2011/03/20 16:33:24 | 000,002,177 | ---- | C] () -- C:\Users\core_user\Documents\New Database.odb
[2011/03/19 15:55:32 | 000,001,231 | ---- | C] () -- C:\Users\core_user\Desktop\Team Fortress 2.exe - Shortcut.lnk
[2011/02/04 16:46:26 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/12/21 01:27:22 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/12/17 15:00:46 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/12/12 20:35:33 | 000,004,141 | ---- | C] () -- C:\ProgramData\ihfeumzb.qzk
[2010/12/03 01:28:31 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/10/27 01:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/09/05 17:21:56 | 000,004,113 | ---- | C] () -- C:\Windows\w9xabc.INI
[2010/09/05 17:20:04 | 000,004,328 | ---- | C] () -- C:\Windows\savename.INI
[2010/09/05 17:20:04 | 000,000,283 | ---- | C] () -- C:\Windows\savegame.INI
[2010/01/07 18:44:39 | 000,002,004 | ---- | C] () -- C:\Windows\IMM02D.ini
[2010/01/07 18:41:51 | 000,002,004 | ---- | C] () -- C:\Windows\IMM02C.ini
[2010/01/07 18:39:27 | 000,002,004 | ---- | C] () -- C:\Windows\IMM02B.ini
[2010/01/07 18:33:10 | 000,002,004 | ---- | C] () -- C:\Windows\IMM02A.ini
[2009/10/12 18:34:45 | 000,001,536 | ---- | C] () -- C:\Windows\System32\drivers\GameNT.sys
[2009/09/26 00:16:45 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/09/25 19:11:13 | 000,027,185 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009/09/11 09:54:08 | 000,025,096 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/08/26 17:28:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/26 17:28:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/06/13 09:33:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/13 17:39:01 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/04/13 17:39:01 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/04/13 17:39:01 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/03/11 16:30:55 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/03/11 16:30:54 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/21 18:30:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\bad3.exe
[2009/02/21 18:30:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\bad2.exe
[2009/02/21 18:30:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\bad1.exe
[2009/02/17 11:50:51 | 000,000,303 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/12/15 19:44:23 | 000,007,500 | ---- | C] () -- C:\Users\core_user\AppData\Roaming\.civclientrc
[2008/11/07 10:11:03 | 000,013,086 | ---- | C] () -- C:\Windows\scunin.dat
[2008/10/28 16:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/03/17 04:54:00 | 000,056,005 | ---- | C] () -- C:\Windows\War3Unin.dat
[2008/03/06 00:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/02/02 03:59:06 | 000,117,760 | ---- | C] () -- C:\Users\core_user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/27 10:51:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/01/26 17:14:48 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/01/26 16:45:59 | 000,025,491 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/01/26 16:45:09 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008/01/26 16:44:58 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008/01/26 16:30:11 | 000,001,356 | ---- | C] () -- C:\Users\core_user\AppData\Local\d3d9caps.dat
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 001,613,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,603,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,103,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/29 23:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005/08/29 23:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005/08/29 23:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:63238B95
< End of report >
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/06/13 09:33:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/13 17:39:01 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/04/13 17:39:01 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/04/13 17:39:01 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/03/11 16:30:55 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/03/11 16:30:54 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/21 18:30:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\bad3.exe
[2009/02/21 18:30:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\bad2.exe
[2009/02/21 18:30:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\bad1.exe
[2009/02/17 11:50:51 | 000,000,303 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/12/15 19:44:23 | 000,007,500 | ---- | C] () -- C:\Users\core_user\AppData\Roaming\.civclientrc
[2008/11/07 10:11:03 | 000,013,086 | ---- | C] () -- C:\Windows\scunin.dat
[2008/10/28 16:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/03/17 04:54:00 | 000,056,005 | ---- | C] () -- C:\Windows\War3Unin.dat
[2008/03/06 00:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/02/02 03:59:06 | 000,117,760 | ---- | C] () -- C:\Users\core_user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/27 10:51:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/01/26 17:14:48 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/01/26 16:45:59 | 000,025,491 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/01/26 16:45:09 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008/01/26 16:44:58 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008/01/26 16:30:11 | 000,001,356 | ---- | C] () -- C:\Users\core_user\AppData\Local\d3d9caps.dat
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 001,613,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,603,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,103,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/29 23:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005/08/29 23:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005/08/29 23:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:63238B95
< End of report >