Author Topic: My HijackThis log (Read 2760 times)

is Will 1337? · « **on:** June 26, 2011, 10:46:11 PM »

My laptop has been running a little slow, was wondering if anyone could point out anything out of the ordinary.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:39:24 PM, on 6/26/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Will\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273603104515l0324z145a4812v23q
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273603104515l0324z145a4812v23q
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273603104515l0324z145a4812v23q
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files (x86)\WebcamMax\WebcamMax.exe" -a
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15124 bytes

guestolo · « **Reply #1 on:** June 26, 2011, 10:50:44 PM »

Not seeing anything bad in there, but optionals that could be removed
Can you do the following for a closer look

Download [color="#FF0000"]OTL.exe[/color][/url] by OldTimer to your Desktop.

Right click on OTL.exe and choose to "Run as Administrator"
Click Run Scan and let the program run uninterrupted.
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

is Will 1337? · « **Reply #2 on:** June 26, 2011, 11:02:13 PM »

OTL logfile created on: 6/26/2011 8:56:55 PM - Run 1
OTL by OldTimer - Version 3.2.24.1    Folder = C:\Users\Will\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 44.50% Memory free
7.86 Gb Paging File | 5.42 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 297.54 Gb Free Space | 65.59% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 142.84 Gb Free Space | 30.67% Space Free | Partition Type: NTFS

Computer Name: WILL-PC | User Name: Will | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/26 20:56:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
PRC - [2011/06/26 20:37:55 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Will\Desktop\HijackThis.exe
PRC - [2011/06/26 13:14:59 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/24 13:20:23 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/06/24 13:20:04 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/05/23 02:45:06 | 000,376,280 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/05/18 09:25:46 | 022,631,608 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011/03/19 14:47:46 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/03/19 14:47:38 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/01/05 10:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/11/20 05:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/06/04 08:10:36 | 000,822,384 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009/10/30 04:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/08/20 17:26:00 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/08/20 17:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/07/03 18:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 06:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/06/03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (SafeList) ==========

MOD - [2011/06/26 20:56:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/05 18:02:56 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/08/05 21:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 18:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/06/24 13:20:23 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/15 20:04:24 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/19 14:47:46 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/03/19 14:47:38 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/05 18:02:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/20 17:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 06:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/05/22 11:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/28 20:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 19:12:21 | 000,030,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Gun64.sys -- (Gun)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/15 15:38:39 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/03/12 23:23:32 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/09/02 19:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/09 20:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 14:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/24 03:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/18 05:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/06 09:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/05/25 13:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 17:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/05/05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/28 20:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 07:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 07:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 07:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/17 15:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010/06/30 12:55:57 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2009/03/25 20:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)
DRV - [2002/09/16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\PQNTDRV.sys -- (PQNTDrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273603104515l0324z145a4812v23q
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273603104515l0324z145a4812v23q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273603104515l0324z145a4812v23q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273603104515l0324z145a4812v23q

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273603104515l0324z145a4812v23q
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {6cbc25b0-0a52-11df-8a39-0800200c9a66}:1.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:2.22.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.53.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.4.508
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=C303C807-467E-4480-B08C-6220A99A8263&apn_ptnrs=FM&apn_sauid=F1CAEBAD-63D4-40DA-86DC-490B80C15681&apn_dtid=TES002YYUS&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/26 13:14:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/26 13:14:59 | 000,000,000 | ---D | M]

[2010/03/12 17:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions
[2010/03/12 17:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/06/26 20:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\8c1x68tq.default\extensions
[2011/03/03 09:32:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\8c1x68tq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/31 07:09:04 | 000,000,000 | ---D | M] (ShopToWin4) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\8c1x68tq.default\extensions\{6cbc25b0-0a52-11df-8a39-0800200c9a66}
[2011/05/24 10:20:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\8c1x68tq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/06/19 03:19:23 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\8c1x68tq.default\extensions\[email protected]
[2011/03/19 14:36:16 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\8c1x68tq.default\extensions\[email protected]
[2011/05/24 10:20:44 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\8c1x68tq.default\extensions\[email protected]
[2011/04/03 00:43:59 | 000,000,000 | ---D | M] ("Wolfram Toolbar") -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\8c1x68tq.default\extensions\[email protected]
[2010/10/23 19:42:07 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\8c1x68tq.default\extensions\vshare@toolbar
[2011/03/23 11:14:57 | 000,002,568 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\8c1x68tq.default\searchplugins\askcom.xml
[2011/01/02 04:39:50 | 000,001,832 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\8c1x68tq.default\searchplugins\bing.xml
[2011/06/26 11:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/15 02:45:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/21 07:36:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/06 21:15:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/20 09:46:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/04 10:45:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/07 17:33:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/26 11:02:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/15 01:51:35 | 000,000,000 | ---D | M] ("Savevid.com Easy Video Downloader") -- C:\PROGRAM FILES (X86)\SAVEVID\[email protected]
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/02 09:44:56 | 000,435,353 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   1-2005-search.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 127.0.0.1   123fporn.info
O1 - Hosts: 14978 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WebcamMaxAutoRun] C:\Program Files (x86)\WebcamMax\WebcamMax.exe (CoolwareMax)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8:64bit: - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\navnet {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\navnet {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll (MH)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/01 21:29:50 | 000,000,062 | ---- | M] () - H:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/26 20:56:30 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
[2011/06/26 20:37:49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Will\Desktop\HijackThis.exe
[2011/06/26 20:04:30 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011/06/26 11:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/26 11:02:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/26 11:02:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/26 11:02:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/26 10:55:57 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{FA641A54-8566-4946-A811-B617D3BA888B}
[2011/06/26 10:55:36 | 000,000,000 | R--D | C] -- C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/06/25 13:34:27 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{BDA9F673-00C5-45DF-8C8E-1E5D58946F2C}
[2011/06/25 00:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/06/25 00:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/25 00:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/25 00:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/25 00:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/06/25 00:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/25 00:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/06/24 13:22:29 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/06/24 13:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/06/24 13:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011/06/24 13:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011/06/24 12:15:15 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{6F9B70DC-1627-45DD-AA9F-0F250AF64F53}
[2011/06/23 07:42:50 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{246AE0FB-2D2E-48A4-B54F-89071620A769}
[2011/06/22 11:28:08 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{CDBEAA0D-F963-4C01-81C6-6810742751CE}
[2011/06/21 13:41:43 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{D6CFA760-D320-4AC8-8947-9D5958F97F21}
[2011/06/21 02:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Updater
[2011/06/21 02:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2011/06/21 02:07:26 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Opera
[2011/06/21 02:07:26 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\Opera
[2011/06/21 02:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2011/06/21 02:06:50 | 007,648,768 | ---- | C] (Opera Software ASA) -- C:\Users\Will\Desktop\Opera_1111_en_Setup.exe
[2011/06/21 02:05:58 | 000,589,664 | ---- | C] (Google Inc.) -- C:\Users\Will\Desktop\ChromeSetup.exe
[2011/06/20 13:40:42 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{5FF87398-3E64-4C97-BD4C-5360A3DD7519}
[2011/06/19 13:39:43 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{B94F5D63-76C8-4FB6-B237-32990AB371B2}
[2011/06/19 03:19:30 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\ActiveGSLocalData
[2011/06/18 13:07:40 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{98A8C46C-2F93-4A0E-B8B9-147924BB624E}
[2011/06/17 12:55:56 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{0C2AB255-73A2-4527-A6A9-AB1B53F093FD}
[2011/06/16 11:42:41 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{D2DE0E9C-E6B7-44AF-B464-CECFA13C0C46}
[2011/06/15 12:20:46 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{CFD026A6-2D05-411E-BD0D-F7588AEFC0B7}
[2011/06/14 23:21:33 | 000,000,000 | ---D | C] -- C:\Users\Will\Desktop\party
[2011/06/14 15:40:15 | 000,000,000 | ---D | C] -- C:\Users\Will\Desktop\Effects
[2011/06/14 11:14:24 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{0B66D946-0D89-41F4-B76E-8787B57C9246}
[2011/06/12 13:35:44 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{462BBCA4-4BF9-4B88-A2B8-92D55E6A3098}
[2011/06/11 10:07:14 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{DAB18DCC-91FE-4A40-9B69-70DED6E10EA9}
[2011/06/09 12:27:17 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{38855A30-C08A-4C67-878E-21DC3BC5AB96}
[2011/06/09 10:58:34 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\TomTom
[2011/06/09 10:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2011/06/09 10:58:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2011/06/09 10:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyTomTom 3
[2011/06/09 10:58:15 | 006,400,936 | ---- | C] (TomTom International B.V.) -- C:\Users\Will\Desktop\InstallMyTomTomSA.exe
[2011/06/09 00:01:35 | 000,000,000 | ---D | C] -- C:\Users\Will\Desktop\graduation
[2011/06/08 12:26:11 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{1553E752-C724-4F5E-98DA-FF4D636AF4D0}
[2011/06/08 00:25:34 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{6D0668D7-A1A0-451F-846E-0AA31E9843ED}
[2011/06/07 10:56:16 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{B3283B60-340F-499D-B618-66519BD65781}
[2011/06/06 10:55:14 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{316C62BF-43F8-4E94-9EC7-8C06A0A7F2FC}
[2011/06/06 08:20:58 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/05 10:54:17 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{D6487658-0A97-4E19-B492-4E74534A8CBE}
[2011/06/04 10:53:10 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{1EABBD53-0E7F-46E3-8441-8C18499167DF}
[2011/06/03 10:17:52 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{4A199691-C77C-4A85-A59B-84CEE47089FC}
[2011/06/02 08:15:36 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{5CF79727-3988-4095-8CAF-9A9487B23764}
[2011/06/01 20:15:02 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{47F40228-158C-4941-BC1D-3DFBE43D5FF5}
[2011/06/01 17:54:12 | 000,000,000 | ---D | C] -- C:\Users\Will\Desktop\Adobe
[2011/06/01 16:57:44 | 000,000,000 | R--D | C] -- C:\Users\Will\Documents\Scanned Documents
[2011/06/01 16:57:43 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Fax
[2011/06/01 08:14:23 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{3B372101-7804-4DBF-A820-119173598388}
[2011/05/31 13:18:42 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{607EA2BB-2CF4-44FA-8851-5DDA41B2BFB0}
[2011/05/30 13:17:30 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{CE44EF09-DAE7-45D8-BB76-64CC7DE4621D}
[2011/05/29 18:21:56 | 000,000,000 | ---D | C] -- C:\Users\Will\Desktop\prom
[2011/05/29 13:16:27 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{4C99532A-D638-4F4A-9796-D76BCEDA03BD}
[2011/05/29 01:15:46 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{EB5CB709-EA5B-4306-95C0-C11960597284}
[2011/05/28 17:27:18 | 000,000,000 | ---D | C] -- C:\PROM PIX PLUS OLD PIX
[2011/05/28 11:36:29 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\{E176498A-3DAD-4ED2-B35D-1E2707018EF4}
[2010/03/15 15:38:39 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Will\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/06/26 20:56:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
[2011/06/26 20:53:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/26 20:37:55 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Will\Desktop\HijackThis.exe
[2011/06/26 20:21:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-196960314-3850049543-1727019512-1000UA.job
[2011/06/26 20:09:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/26 20:09:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/26 19:51:40 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/26 17:09:21 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/26 16:21:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-196960314-3850049543-1727019512-1000Core.job
[2011/06/26 10:55:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/26 10:55:03 | 3166,158,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/26 02:01:35 | 000,526,583 | ---- | M] () -- C:\Users\Will\Desktop\lookalike.jpg
[2011/06/25 02:50:24 | 000,782,058 | ---- | M] () -- C:\Users\Will\Desktop\ua.png
[2011/06/25 00:04:44 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/24 13:19:42 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/06/24 13:18:27 | 001,606,656 | ---- | M] () -- C:\Users\Will\Desktop\SteamInstall.msi
[2011/06/24 02:20:21 | 000,149,185 | ---- | M] () -- C:\Users\Will\Desktop\asf.png
[2011/06/22 23:19:31 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/22 23:19:31 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/22 23:19:31 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/22 22:41:49 | 000,098,075 | ---- | M] () -- C:\Users\Will\Desktop\1308807382209.jpg
[2011/06/21 02:57:30 | 001,252,976 | ---- | M] () -- C:\Users\Will\Desktop\Google Updater.exe
[2011/06/21 02:07:24 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/06/21 02:06:59 | 007,648,768 | ---- | M] (Opera Software ASA) -- C:\Users\Will\Desktop\Opera_1111_en_Setup.exe
[2011/06/21 02:06:01 | 000,589,664 | ---- | M] (Google Inc.) -- C:\Users\Will\Desktop\ChromeSetup.exe
[2011/06/20 11:22:07 | 000,032,044 | ---- | M] () -- C:\Users\Will\Desktop\0620-ryan-twitpic-asset.jpg
[2011/06/20 10:33:59 | 000,393,193 | ---- | M] () -- C:\Users\Will\Desktop\karmaloop.png
[2011/06/19 13:39:12 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/06/17 22:46:59 | 000,059,055 | ---- | M] () -- C:\Users\Will\Desktop\asian.png
[2011/06/17 22:06:27 | 000,262,961 | ---- | M] () -- C:\Users\Will\Desktop\248736_134413933300079_100001944185309_233329_7279780_n.jpg
[2011/06/17 18:45:50 | 000,098,226 | ---- | M] () -- C:\Users\Will\Desktop\receipt.png
[2011/06/17 00:42:52 | 000,517,737 | ---- | M] () -- C:\Users\Will\Desktop\shoes.png
[2011/06/15 22:15:59 | 000,159,744 | ---- | M] () -- C:\Users\Will\Documents\Will.fdy
[2011/06/14 16:33:10 | 000,061,371 | ---- | M] () -- C:\Users\Will\Desktop\254938_10150274946990845_682895844_9360889_6909489_n.jpg
[2011/06/14 16:31:47 | 000,036,718 | ---- | M] () -- C:\Users\Will\Desktop\ana.jpg
[2011/06/13 19:25:57 | 000,044,858 | ---- | M] () -- C:\Users\Will\Desktop\31295_103219943058561_100001116680008_28047_5489716_n.jpg
[2011/06/13 19:24:09 | 000,181,060 | ---- | M] () -- C:\Users\Will\Desktop\241078_103496866406893_100002397404013_29746_8345678_o.jpg
[2011/06/13 04:02:24 | 001,160,446 | ---- | M] () -- C:\Users\Will\Desktop\flannel.png
[2011/06/12 14:24:40 | 000,184,202 | ---- | M] () -- C:\Users\Will\Desktop\Sprintpictures_06122011_1424.zip
[2011/06/12 14:24:34 | 000,185,044 | ---- | M] () -- C:\Users\Will\Desktop\9035399454869_ORIG.jpeg
[2011/06/10 18:02:14 | 180,186,299 | ---- | M] () -- C:\Users\Will\Desktop\Funk Nasty.mp3
[2011/06/10 17:55:27 | 007,400,765 | ---- | M] () -- C:\Users\Will\Desktop\Put It In Ya Mouth [prototype].mp3
[2011/06/10 14:20:09 | 000,171,862 | ---- | M] () -- C:\Users\Will\Desktop\kreay.png
[2011/06/09 22:41:36 | 000,190,289 | ---- | M] () -- C:\Users\Will\Desktop\jason.png
[2011/06/09 20:16:22 | 000,009,017 | ---- | M] () -- C:\Users\Will\Desktop\Star.mid
[2011/06/09 15:21:28 | 000,039,825 | ---- | M] () -- C:\Users\Will\Desktop\claire.jpg
[2011/06/09 10:58:18 | 006,400,936 | ---- | M] (TomTom International B.V.) -- C:\Users\Will\Desktop\InstallMyTomTomSA.exe
[2011/06/06 08:20:58 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/05 11:20:26 | 000,328,390 | ---- | M] () -- C:\Users\Will\Desktop\creatine.png
[2011/06/05 11:19:47 | 000,056,719 | ---- | M] () -- C:\Users\Will\Desktop\2.jpg
[2011/06/05 01:45:59 | 000,159,744 | ---- | M] () -- C:\Users\Will\Documents\Will Backup.fbk
[2011/06/04 02:02:11 | 000,328,556 | ---- | M] () -- C:\Users\Will\Desktop\1307171243212.jpg
[2011/06/04 02:00:56 | 000,086,036 | ---- | M] () -- C:\Users\Will\Desktop\1307171272259.jpg
[2011/06/04 01:49:56 | 000,054,211 | ---- | M] () -- C:\Users\Will\Desktop\1307176645435.jpg
[2011/06/02 09:44:56 | 000,435,353 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/06/01 19:03:33 | 000,019,760 | ---- | M] () -- C:\Users\Will\Desktop\Tyler-the-Creator-Goblin-(Deluxe-Limited-Edition).jpg
[2011/06/01 17:57:35 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3.3 64-bit.lnk
[2011/06/01 17:08:07 | 000,562,661 | ---- | M] () -- C:\Users\Will\Desktop\tristan and nico final.jpg
[2011/06/01 10:27:58 | 000,001,140 | ---- | M] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/01 10:27:58 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 08:17:19 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/01 08:15:57 | 000,001,264 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2011/05/31 19:32:53 | 000,001,864 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/05/31 18:49:34 | 109,691,180 | ---- | M] () -- C:\Users\Will\Desktop\20110505 153553.wav
[2011/05/30 12:46:08 | 024,922,365 | ---- | M] () -- C:\Users\Will\Desktop\mix for soundcloud.mp3
[2011/05/30 02:15:11 | 046,327,013 | ---- | M] () -- C:\Users\Will\Desktop\second mix.mp3
[2011/05/29 20:13:23 | 028,840,437 | ---- | M] () -- C:\Users\Will\Desktop\dance mix.mp3
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/26 02:01:32 | 000,526,583 | ---- | C] () -- C:\Users\Will\Desktop\lookalike.jpg
[2011/06/25 02:50:24 | 000,782,058 | ---- | C] () -- C:\Users\Will\Desktop\ua.png
[2011/06/25 00:04:44 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/24 13:19:42 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/06/24 13:18:24 | 001,606,656 | ---- | C] () -- C:\Users\Will\Desktop\SteamInstall.msi
[2011/06/24 02:20:21 | 000,149,185 | ---- | C] () -- C:\Users\Will\Desktop\asf.png
[2011/06/22 22:41:48 | 000,098,075 | ---- | C] () -- C:\Users\Will\Desktop\1308807382209.jpg
[2011/06/21 02:57:43 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/21 02:57:30 | 001,252,976 | ---- | C] () -- C:\Users\Will\Desktop\Google Updater.exe
[2011/06/21 02:07:24 | 000,001,848 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011/06/21 02:07:24 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/06/20 11:22:06 | 000,032,044 | ---- | C] () -- C:\Users\Will\Desktop\0620-ryan-twitpic-asset.jpg
[2011/06/20 10:33:59 | 000,393,193 | ---- | C] () -- C:\Users\Will\Desktop\karmaloop.png
[2011/06/17 22:46:59 | 000,059,055 | ---- | C] () -- C:\Users\Will\Desktop\asian.png
[2011/06/17 22:04:49 | 000,262,961 | ---- | C] () -- C:\Users\Will\Desktop\248736_134413933300079_100001944185309_233329_7279780_n.jpg
[2011/06/17 18:45:50 | 000,098,226 | ---- | C] () -- C:\Users\Will\Desktop\receipt.png
[2011/06/17 00:42:52 | 000,517,737 | ---- | C] () -- C:\Users\Will\Desktop\shoes.png
[2011/06/14 16:33:10 | 000,061,371 | ---- | C] () -- C:\Users\Will\Desktop\254938_10150274946990845_682895844_9360889_6909489_n.jpg
[2011/06/14 00:47:02 | 000,036,718 | ---- | C] () -- C:\Users\Will\Desktop\ana.jpg
[2011/06/13 19:25:57 | 000,044,858 | ---- | C] () -- C:\Users\Will\Desktop\31295_103219943058561_100001116680008_28047_5489716_n.jpg
[2011/06/13 19:24:08 | 000,181,060 | ---- | C] () -- C:\Users\Will\Desktop\241078_103496866406893_100002397404013_29746_8345678_o.jpg
[2011/06/13 04:02:23 | 001,160,446 | ---- | C] () -- C:\Users\Will\Desktop\flannel.png
[2011/06/12 14:24:49 | 000,185,044 | ---- | C] () -- C:\Users\Will\Desktop\9035399454869_ORIG.jpeg
[2011/06/12 14:24:38 | 000,184,202 | ---- | C] () -- C:\Users\Will\Desktop\Sprintpictures_06122011_1424.zip
[2011/06/10 17:59:14 | 180,186,299 | ---- | C] () -- C:\Users\Will\Desktop\Funk Nasty.mp3
[2011/06/10 17:55:27 | 007,400,765 | ---- | C] () -- C:\Users\Will\Desktop\Put It In Ya Mouth [prototype].mp3
[2011/06/10 14:09:46 | 000,171,862 | ---- | C] () -- C:\Users\Will\Desktop\kreay.png
[2011/06/09 22:32:05 | 000,190,289 | ---- | C] () -- C:\Users\Will\Desktop\jason.png
[2011/06/09 20:55:53 | 000,009,017 | ---- | C] () -- C:\Users\Will\Desktop\Star.mid
[2011/06/09 15:21:25 | 000,039,825 | ---- | C] () -- C:\Users\Will\Desktop\claire.jpg
[2011/06/06 23:19:34 | 063,609,901 | ---- | C] () -- C:\Users\Will\Desktop\101_2965a.MOV
[2011/06/05 11:20:26 | 000,328,390 | ---- | C] () -- C:\Users\Will\Desktop\creatine.png
[2011/06/05 11:19:44 | 000,056,719 | ---- | C] () -- C:\Users\Will\Desktop\2.jpg
[2011/06/05 00:03:07 | 044,448,305 | ---- | C] () -- C:\Users\Will\Desktop\101_2965.MOV
[2011/06/04 02:02:11 | 000,328,556 | ---- | C] () -- C:\Users\Will\Desktop\1307171243212.jpg
[2011/06/04 02:00:56 | 000,086,036 | ---- | C] () -- C:\Users\Will\Desktop\1307171272259.jpg
[2011/06/04 01:49:54 | 000,054,211 | ---- | C] () -- C:\Users\Will\Desktop\1307176645435.jpg
[2011/06/01 19:03:31 | 000,019,760 | ---- | C] () -- C:\Users\Will\Desktop\Tyler-the-Creator-Goblin-(Deluxe-Limited-Edition).jpg
[2011/06/01 17:57:35 | 000,002,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.3 64-bit.lnk
[2011/06/01 17:57:35 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 3.3 64-bit.lnk
[2011/06/01 17:08:05 | 000,562,661 | ---- | C] () -- C:\Users\Will\Desktop\tristan and nico final.jpg
[2011/06/01 10:27:58 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 08:17:19 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/01 08:15:57 | 000,001,264 | ---- | C] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2011/05/31 19:32:53 | 000,001,864 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/05/31 18:48:47 | 109,691,180 | ---- | C] () -- C:\Users\Will\Desktop\20110505 153553.wav
[2011/05/30 01:43:00 | 046,327,013 | ---- | C] () -- C:\Users\Will\Desktop\second mix.mp3
[2011/05/29 20:50:22 | 024,922,365 | ---- | C] () -- C:\Users\Will\Desktop\mix for soundcloud.mp3
[2011/03/19 14:47:39 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/19 14:47:38 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/02/16 19:42:20 | 000,000,017 | ---- | C] () -- C:\Users\Will\AppData\Local\resmon.resmoncfg
[2010/10/16 11:19:59 | 000,000,120 | ---- | C] () -- C:\Users\Will\AppData\Local\Xdegiriso.dat
[2010/10/16 11:19:59 | 000,000,000 | ---- | C] () -- C:\Users\Will\AppData\Local\Mcanumo.bin
[2010/08/23 19:48:50 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/17 23:47:42 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/17 19:55:11 | 000,027,652 | ---- | C] () -- C:\Users\Will\AppData\Roaming\wklnhst.dat
[2010/03/15 15:38:39 | 000,099,384 | ---- | C] () -- C:\Users\Will\AppData\Roaming\inst.exe
[2010/03/15 15:38:39 | 000,007,859 | ---- | C] () -- C:\Users\Will\AppData\Roaming\pcouffin.cat
[2010/03/15 15:38:39 | 000,001,167 | ---- | C] () -- C:\Users\Will\AppData\Roaming\pcouffin.inf
[2010/03/13 00:39:24 | 000,000,151 | ---- | C] () -- C:\Users\Will\AppData\Roaming\default.rss
[2010/03/13 00:38:53 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/12 23:27:16 | 000,000,340 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/12 16:55:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/02 19:52:46 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/08/28 04:27:15 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/08/28 04:27:15 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/08/28 04:27:15 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/08/28 03:32:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/02/03 01:50:28 | 000,004,224 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

< End of report >

OTL Extras logfile created on: 6/26/2011 8:56:55 PM - Run 1
OTL by OldTimer - Version 3.2.24.1    Folder = C:\Users\Will\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Intern

guestolo · « **Reply #3 on:** June 27, 2011, 09:33:07 PM »

Just to get a clearer picture, is it the Internet that is slower, or is the computer in General

is Will 1337? · « **Reply #4 on:** June 27, 2011, 10:43:08 PM »

I suppose it might be both. Websites take a while to load every now and then, and when I try to play a game on my laptop the game starts to slow down every 30 seconds or so. I'm not really sure.

guestolo · « **Reply #5 on:** June 27, 2011, 11:47:18 PM »

Try the following

Disable SpybotSD TeaTimer, as it may interfere with anything that we try
To disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box if prompted
Close Spybot

Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.
If you are not prompted to reboot, restart the computer anyways

Back in Windows
Close down all browser windows
In Control Panel>>Programs and Features
Uninstall the following

Ask Toolbar
You don't need to uninstall Skype, but try uninstalling
Skype Toolbars <--this is optional, but for troubleshooting purposes, please remove it
It is not removing skype itself

Open your copy of Malwarebytes Anti-Malware, when it loads

Click on the UPDATE tab and check for Updates
If an update is found, it will download and install the latest version.
after updating, select "Perform Quick Scan", then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

In addition: Go to the following link
[color="#0000FF"]ESET Online Scanner[/color][/url]

Click on the DOWNLOAD button next to "Eset Online Scanner"
A new window will open, Download and save to your desktop
esetsmartinstaller_enu.exe

Right click on 'esetsmartinstaller_enu.exe' and choose to "Run as Administrator"
Put a tick in "Yes, I accept the Terms of Use" then click START

Eset will download components
When done click START again

Downloading of Virus signature database will begin
Depending on your connection speed, this can take awhile
When complete the scan will start
This scan can take some time, so be patient

Once the scan is completed, you may close the window

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

is Will 1337? · « **Reply #6 on:** June 28, 2011, 03:45:11 AM »

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6965

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

6/27/2011 10:17:31 PM
mbam-log-2011-06-27 (22-17-31).txt

Scan type: Quick scan
Objects scanned: 177544
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e34f88fa6066394b930a80fa9cf793db
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-28 08:22:47
# local_time=2011-06-28 01:22:47 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 1341476 60783883 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=483020
# found=0
# cleaned=0
# scan_time=8954

guestolo · « **Reply #7 on:** June 29, 2011, 10:56:39 PM »

Luckily, there doesn't appear to be nothing wrong
Why don't you have your own AntiVirus software installed?

How are things now running?

is Will 1337? · « **Reply #8 on:** June 30, 2011, 12:27:39 AM »

[quote name='guestolo' timestamp='1309406199' post='479893']
Luckily, there doesn't appear to be nothing wrong
Why don't you have your own AntiVirus software installed?

How are things now running?
[/quote]

My internet seems to be running fine, but when I play a game like Counter-Strike, it slows down from time to time. Maybe it's my hardware that isn't up to par. I shall go and find an anti-virus to use. Do you have a personal preference for anti-viruses?

guestolo · « **Reply #9 on:** June 30, 2011, 12:11:35 PM »

A couple errors on your log may indicate a problems
Let's take a closer look

Quote

The driver detected a controller error on \Device\Harddisk1\DR1.

I see that you have the following drives
Drive C: | 453.66 Gb Total Space | 297.54 Gb Free Space | 65.59% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 142.84 Gb Free Space | 30.67% Space Free | Partition Type: NTFS

do you have a single harddrive, or more than one?
do you know which drive is referred to from Harddisk1\DR1
you may get a clue if you right click Computer, select Managed, select Disk Management

In addition: I see the following

Quote

Error - 6/25/2011 3:37:13 AM | Computer Name = Will-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

This error is most likely related to Partition Magic
You should maybe try to update it, or Uninstall it and reboot the computer
This error could cause BSOD's or random restarts

is Will 1337? · « **Reply #10 on:** June 30, 2011, 03:28:29 PM »

I have 2 hard drives, the internal one, and one external one. I'm pretty sure that my external hard drive (H:) is referred as Drive 1, here is a picture

guestolo · « **Reply #11 on:** June 30, 2011, 03:46:31 PM »

Can you check your External drive for errors, just to be safe
http://www.ehow.com/how_6890830_test-external-hard-drive.html

is Will 1337? · « **Reply #12 on:** June 30, 2011, 08:24:57 PM »

It says no problems have been found

guestolo · « **Reply #13 on:** June 30, 2011, 11:33:30 PM »

Try a free one, low on resources
From Microsoft
Take a look at Microsoft Security essentials
http://www.microsoft.com/en-ca/security_essentials/default.aspx

NOTE: After updating, you may want to run a Full Scan the first time, just to ensure it claims you are clean

TheTechGuide Forum

News:

Author Topic: My HijackThis log (Read 2760 times)

is Will 1337?

My HijackThis log

guestolo

My HijackThis log

is Will 1337?

My HijackThis log

guestolo

My HijackThis log

is Will 1337?

My HijackThis log

guestolo

My HijackThis log

is Will 1337?

My HijackThis log

guestolo

My HijackThis log

is Will 1337?

My HijackThis log

guestolo

My HijackThis log

is Will 1337?

My HijackThis log

guestolo

My HijackThis log

is Will 1337?

My HijackThis log

guestolo

My HijackThis log