nicolerocks711

Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 7/15/2010 11:37:27 PM Event ID: 5058 Task Category: Other System Events Level: Information Keywords: Audit Success User: N/A Description: Key file operation. Subject: Security ID: LOCAL SERVICE Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: Not Available. Key Name: 9313e99a-221f-4784-8d04-4e3417d1a33d Key Type: Machine key. Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\593d704bafc289dd7f3b6a129d69a018_d6ab8cf2-a629-4af0-b08f-d7c2b5e66fa1 Operation: Read persisted key from file. Return Code: 0x0 Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" /> <EventID>5058</EventID> <Version>0</Version> <Level>0</Level> <Task>12292</Task> <Opcode>0</Opcode> <Keywords>0x8020000000000000</Keywords> <TimeCreated SystemTime="2010-07-16T03:37:27.158350600Z" /> <EventRecordID>34887</EventRecordID> <Correlation /> <Execution ProcessID="536" ThreadID="3068" /> <Channel>Security</Channel> <Security /> </System> <EventData> <Data Name="SubjectUserSid">S-1-5-19</Data> <Data Name="SubjectUserName">LOCAL SERVICE</Data> <Data Name="SubjectDomainName">NT AUTHORITY</Data> <Data Name="SubjectLogonId">0x3e5</Data> <Data Name="ProviderName">Microsoft Software Key Storage Provider</Data> <Data Name="AlgorithmName">%%2432</Data> <Data Name="KeyName">9313e99a-221f-4784-8d04-4e3417d1a33d</Data> <Data Name="KeyType">%%2499</Data> <Data Name="KeyFilePath">C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\593d704bafc289dd7f3b6a129d69a018_d6ab8cf2-a629-4af0-b08f-d7c2b5e66fa1</Data> <Data Name="Operation">%%2458</Data> <Data Name="ReturnCode">0x0</Data> </EventData> </Event> is this a key logger?

This doesn't look good at all: Log Name: Application Source: Microsoft-Windows-User Profiles Service Date: 7/16/2010 12:41:12 AM Event ID: 1530 Task Category: None Level: Warning Keywords: User: SYSTEM Description: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3648176129-1440165320-851753708-1002: Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002 Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002 Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002 Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002 Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Microsoft\SystemCertificates\trust Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Microsoft\SystemCertificates\Root Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Policies\Microsoft\SystemCertificates Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Policies\Microsoft\SystemCertificates Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Policies\Microsoft\SystemCertificates Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Policies\Microsoft\SystemCertificates Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Microsoft\SystemCertificates\My Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Microsoft\SystemCertificates\CA Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Microsoft\SystemCertificates\Disallowed Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" /> <EventID>1530</EventID> <Version>0</Version> <Level>3</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime="2010-07-16T04:41:12.448706500Z" /> <EventRecordID>18805</EventRecordID> <Correlation /> <Execution ProcessID="392" ThreadID="3012" /> <Channel>Application</Channel> <Security UserID="S-1-5-18" /> </System> <EventData Name="EVENT_HIVE_LEAK"> <Data Name="Detail">15 user registry handles leaked from \Registry\User\S-1-5-21-3648176129-1440165320-851753708-1002: Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002 Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002 Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002 Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002 Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Microsoft\SystemCertificates\TrustedPeople Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Microsoft\SystemCertificates\trust Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Microsoft\SystemCertificates\Root Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Policies\Microsoft\SystemCertificates Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Policies\Microsoft\SystemCertificates Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Policies\Microsoft\SystemCertificates Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Policies\Microsoft\SystemCertificates Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Microsoft\SystemCertificates\My Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Microsoft\SystemCertificates\CA Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2596 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3648176129-1440165320-851753708-1002\Software\Microsoft\SystemCertificates\Disallowed </Data> </EventData> </Event>

This doesn't look right to me either: Log Name: Application Source: Microsoft-Windows-Security-SPP Date: 7/15/2010 11:39:52 PM Event ID: 1066 Task Category: None Level: Information Keywords: Classic User: N/A Description: Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/2005, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/licenserenewal/1.0, 0x00000000, 0x00000000 Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" /> <EventID Qualifiers="16384">1066</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2010-07-16T03:39:52.000000000Z" /> <EventRecordID>18791</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Security /> </System> <EventData> <Data>C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/2005, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/licenserenewal/1.0, 0x00000000, 0x00000000 </Data> </EventData> </Event>

Found this too: Log Name: Application Source: ESENT Date: 7/15/2010 11:36:29 PM Event ID: 301 Task Category: Logging/Recovery Level: Information Keywords: Classic User: N/A Description: Windows (2776) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="ESENT" /> <EventID Qualifiers="0">301</EventID> <Level>4</Level> <Task>3</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2010-07-16T03:36:29.000000000Z" /> <EventRecordID>18786</EventRecordID> <Channel>Application</Channel> <Security /> </System> <EventData> <Data>Windows</Data> <Data>2776</Data> <Data>Windows: </Data> <Data>C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log</Data> </EventData> </Event>

I found this in my event viewer at i think the time i accidently clicked on that link: Log Name: Application Source: Microsoft-Windows-EventSystem Date: 7/15/2010 11:33:54 PM Event ID: 4625 Task Category: None Level: Information Keywords: Classic User: N/A Description: The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" /> <EventID Qualifiers="16384">4625</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2010-07-16T03:33:54.000000000Z" /> <EventRecordID>18772</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Security /> </System> <EventData> <Data Name="param1">86400</Data> <Data Name="param2">SuppressDuplicateDuration</Data> <Data Name="param3">Software\Microsoft\EventSystem\EventLog</Data> </EventData> </Event>

I just ran adspy that comes with hijackthis, i saw someone talking about it on another online board. Anyways when i hit scan it saids it's complete in like 0 secs, does that mean it doesn't detect anything?

It will only have me restore it to the earliest 7/19 and i think i need to go before that

where do i find that at? and you don't think it's connected from getting redirected from neopets? after that happened that's when i had these problems.

it won't open

No it is not there under processes

just tried it, WMP will not load in safe mode

See that is the problem though, i already tried that (and again just now), it isn't listed there or on revo uninstaller. That is what i did with AIM i uninstalled it and reinstalled it and i still couldn't open it. For AIM, it looked like it tried to open it then closed it right away. That is why I thought it was an Antivirus problem having both AVG and Microsoft SE.

OTL logfile created on: 7/24/2010 4:36:19 PM - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\xxxxxxxxxxxxxxxx\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 136.95 Gb Total Space | 94.91 Gb Free Space | 69.30% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: xxxxxxxxxxxxxxxxx Current User Name: xxxxxxxxxxxxxxxx Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/07/24 16:36:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxxxxxxxxxxxxx\Downloads\OTL.exe PRC - [2010/06/28 22:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\Application\chrome.exe PRC - [2009/08/21 22:17:00 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009/08/06 13:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe PRC - [2009/06/17 20:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe PRC - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (SafeList) ========== MOD - [2010/07/24 16:36:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxxxxxxxxxxxxx\Downloads\OTL.exe MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV:64bit: - [2009/08/06 00:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2009/07/29 08:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009/08/06 13:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009/06/17 20:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc) SRV - [2009/06/17 20:31:46 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc) SRV - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR) DRV:64bit: - [2009/08/09 23:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/07/29 18:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/07/27 03:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV:64bit: - [2009/07/16 07:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009/05/04 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...84z1l5t4842x244 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...84z1l5t4842x244 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...84z1l5t4842x244 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...84z1l5t4842x244 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...84z1l5t4842x244 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...84z1l5t4842x244 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.neopets.com" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.10 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7 FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4 FF - prefs.js..extensions.enabledItems: {cf47767d-5f3a-4e32-9fce-5d79565c9702}:1.1 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825 FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/04 13:35:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/16 09:58:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/19 23:47:37 | 000,000,000 | ---D | M] [2010/07/16 09:59:27 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Roaming\Mozilla\Extensions [2010/07/17 15:07:27 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ykvef5bn.default\extensions [2010/07/16 10:22:55 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ykvef5bn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010/07/16 10:13:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ykvef5bn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010/07/16 10:31:10 | 000,000,000 | ---D | M] (LinkExtend) -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ykvef5bn.default\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702} [2010/07/16 10:22:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ykvef5bn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/07/16 10:27:15 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ykvef5bn.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010/07/16 10:31:11 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ykvef5bn.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9} [2010/07/16 12:44:53 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ykvef5bn.default\extensions\keyscrambler@qfx.software.corporation [2010/07/16 09:58:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.) O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll () O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O4 - HKLM..\Run: [] File not found O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/07/24 15:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010/07/24 15:24:09 | 000,000,000 | ---D | C] -- C:\VundoFix Backups [2010/07/24 14:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2010/07/24 14:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2010/07/21 10:21:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg [2010/07/18 11:27:12 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Roaming\PeerNetworking [2010/07/17 09:55:22 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010/07/16 17:55:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2010/07/16 09:59:07 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Roaming\Mozilla [2010/07/16 09:59:07 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Local\Mozilla [2010/07/16 09:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010/07/16 00:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2010/07/14 09:38:54 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2010/06/28 21:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware [2010/06/25 02:07:21 | 000,000,000 | ---D | C] -- C:\4bdf0312c04be8eb40f4da32 ========== Files - Modified Within 30 Days ========== [2010/07/24 16:40:54 | 001,835,008 | -HS- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\ntuser.dat [2010/07/24 16:31:33 | 000,001,502 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Desktop\dds - Shortcut.lnk [2010/07/24 15:59:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3648176129-1440165320-851753708-1002UA.job [2010/07/24 15:56:39 | 000,002,097 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Desktop\HijackThis.lnk [2010/07/24 14:59:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3648176129-1440165320-851753708-1002Core.job [2010/07/24 14:44:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/07/24 14:44:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/07/24 14:37:25 | 000,524,288 | -HS- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\ntuser.dat{63c9a532-9752-11df-b312-002622681d15}.TMContainer00000000000000000002.regtrans-ms [2010/07/24 14:37:24 | 000,524,288 | -HS- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\ntuser.dat{63c9a532-9752-11df-b312-002622681d15}.TMContainer00000000000000000001.regtrans-ms [2010/07/24 14:37:24 | 000,065,536 | -HS- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\ntuser.dat{63c9a532-9752-11df-b312-002622681d15}.TM.blf [2010/07/24 14:37:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/07/24 14:36:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/07/24 14:36:49 | 325,524,710 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/07/24 14:36:46 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys [2010/07/24 14:01:55 | 006,291,456 | -H-- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Local\IconCache.db [2010/07/23 23:24:26 | 000,049,664 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/07/20 15:25:50 | 000,005,920 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Roaming\wklnhst.dat [2010/07/20 01:54:05 | 000,068,510 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Desktop\minidump.zip [2010/07/19 23:29:57 | 000,001,052 | -H-- | M] () -- C:\IPH.PH [2010/07/18 11:27:14 | 000,033,134 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Roaming\UserTile.png [2010/07/17 14:55:14 | 000,002,366 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Desktop\Google Chrome.lnk [2010/07/16 09:59:13 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2010/07/16 09:58:48 | 000,001,967 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2010/07/16 09:58:48 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/07/16 09:43:37 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job [2010/07/16 09:43:37 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\McQcTask.job [2010/07/16 00:09:51 | 000,001,441 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/07/14 00:31:25 | 000,940,590 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank71310a.html [2010/07/13 23:20:53 | 000,376,982 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\gigi71310.html [2010/07/13 14:17:14 | 000,159,924 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank71310.html [2010/07/13 01:04:40 | 000,923,703 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank71210.html [2010/07/11 00:19:58 | 000,627,961 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank71010.html [2010/07/08 16:45:33 | 000,466,129 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank7810.html [2010/07/07 23:58:05 | 001,322,038 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank7710.html [2010/07/07 23:54:34 | 000,537,333 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\wes7710.html [2010/07/07 18:58:43 | 000,017,408 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\7710song658pm.wps [2010/07/06 16:13:03 | 000,524,288 | -HS- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\ntuser.dat{8e734156-8927-11df-85f7-002622681d15}.TMContainer00000000000000000002.regtrans-ms [2010/07/06 16:13:03 | 000,524,288 | -HS- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\ntuser.dat{8e734156-8927-11df-85f7-002622681d15}.TMContainer00000000000000000001.regtrans-ms [2010/07/06 16:13:03 | 000,065,536 | -HS- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\ntuser.dat{8e734156-8927-11df-85f7-002622681d15}.TM.blf [2010/07/04 10:45:59 | 000,200,586 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank7410.html [2010/07/04 00:20:40 | 001,137,236 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank7310.html [2010/07/03 23:27:01 | 000,023,040 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\7310.wps [2010/07/02 14:18:14 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/06/28 21:08:24 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010/06/28 16:10:26 | 000,034,816 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\xxxxxxxxxxxxxxxxxresume2010.doc [2010/06/28 16:10:05 | 000,017,360 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\xxxxxxxxxxxxxxxxxresume.docx [2010/06/28 16:09:14 | 000,169,375 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\xxxxxxxxxxxxxxxxxresume.pdf [2010/06/28 16:03:15 | 000,017,288 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\retailresume.docx [2010/06/27 09:09:57 | 000,001,011 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Desktop\CCleaner.lnk [2010/06/27 00:58:52 | 000,870,847 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank62610a.html [2010/06/26 19:28:40 | 000,303,337 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank62610.html [2010/06/26 00:26:02 | 000,159,780 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\gigi62510.html [2010/06/26 00:25:48 | 000,306,034 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\sarah62510a.html [2010/06/26 00:25:37 | 000,558,815 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank62510a.html [2010/06/25 14:53:36 | 000,173,127 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\sarah62510.html [2010/06/25 14:53:26 | 000,221,754 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank62510.html [2010/06/25 02:10:06 | 000,734,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/06/25 02:10:06 | 000,619,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/06/25 02:10:06 | 000,105,646 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/06/25 02:04:34 | 002,282,809 | ---- | M] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank62410.html ========== Files Created - No Company Name ========== [2010/07/24 16:31:33 | 000,001,502 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Desktop\dds - Shortcut.lnk [2010/07/24 15:56:39 | 000,002,097 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Desktop\HijackThis.lnk [2010/07/24 14:37:25 | 000,524,288 | -HS- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\ntuser.dat{63c9a532-9752-11df-b312-002622681d15}.TMContainer00000000000000000002.regtrans-ms [2010/07/24 14:37:24 | 000,524,288 | -HS- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\ntuser.dat{63c9a532-9752-11df-b312-002622681d15}.TMContainer00000000000000000001.regtrans-ms [2010/07/24 14:37:24 | 000,065,536 | -HS- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\ntuser.dat{63c9a532-9752-11df-b312-002622681d15}.TM.blf [2010/07/20 01:54:05 | 000,068,510 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Desktop\minidump.zip [2010/07/18 11:27:14 | 000,033,134 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\AppData\Roaming\UserTile.png [2010/07/17 14:55:14 | 000,002,366 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Desktop\Google Chrome.lnk [2010/07/17 14:54:17 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3648176129-1440165320-851753708-1002UA.job [2010/07/17 14:54:16 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3648176129-1440165320-851753708-1002Core.job [2010/07/16 18:06:52 | 325,524,710 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010/07/16 09:59:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010/07/16 09:58:48 | 000,001,967 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2010/07/16 09:58:48 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/07/16 00:49:41 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job [2010/07/16 00:49:38 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\McQcTask.job [2010/07/14 00:31:24 | 000,940,590 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank71310a.html [2010/07/13 23:20:52 | 000,376,982 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\gigi71310.html [2010/07/13 14:17:14 | 000,159,924 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank71310.html [2010/07/13 01:04:39 | 000,923,703 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank71210.html [2010/07/11 00:19:57 | 000,627,961 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank71010.html [2010/07/08 16:45:32 | 000,466,129 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank7810.html [2010/07/07 23:58:03 | 001,322,038 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank7710.html [2010/07/07 23:54:33 | 000,537,333 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\wes7710.html [2010/07/07 18:58:43 | 000,017,408 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\7710song658pm.wps [2010/07/06 15:06:33 | 000,524,288 | -HS- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\ntuser.dat{8e734156-8927-11df-85f7-002622681d15}.TMContainer00000000000000000002.regtrans-ms [2010/07/06 15:06:33 | 000,524,288 | -HS- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\ntuser.dat{8e734156-8927-11df-85f7-002622681d15}.TMContainer00000000000000000001.regtrans-ms [2010/07/06 15:06:33 | 000,065,536 | -HS- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\ntuser.dat{8e734156-8927-11df-85f7-002622681d15}.TM.blf [2010/07/04 10:45:58 | 000,200,586 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank7410.html [2010/07/04 00:20:39 | 001,137,236 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank7310.html [2010/07/03 23:22:54 | 000,023,040 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\7310.wps [2010/06/28 16:10:24 | 000,034,816 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\xxxxxxxxxxxxxxxxxresume2010.doc [2010/06/28 16:09:12 | 000,169,375 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\xxxxxxxxxxxxxxxxxresume.pdf [2010/06/28 16:06:25 | 000,017,360 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\xxxxxxxxxxxxxxxxxresume.docx [2010/06/27 00:58:51 | 000,870,847 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank62610a.html [2010/06/26 19:28:40 | 000,303,337 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank62610.html [2010/06/26 00:26:02 | 000,159,780 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\gigi62510.html [2010/06/26 00:25:48 | 000,306,034 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\sarah62510a.html [2010/06/26 00:25:36 | 000,558,815 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank62510a.html [2010/06/25 14:53:36 | 000,173,127 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\sarah62510.html [2010/06/25 14:53:25 | 000,221,754 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank62510.html [2010/06/25 02:04:32 | 002,282,809 | ---- | C] () -- C:\Users\xxxxxxxxxxxxxxxx\Documents\hank62410.html [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll < End of report >

ok this one seems to be running. Like i said I can't get AIM or windows media player to run. Before I got BSoD but i ran disc checker a few days ago and i think that fixed things. I just found the "event viewer" i think it's called and there are tons of events on there. Besides those problems there really aren't any, like i said when i got redirected i think something could have got downloaded to my comp like a rootkit or something. I am not a comp expert by any means which is why i am here to see if you guys can find anything.

Hey I just tried this, a window pops up and disappears really quickly