Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Suspected keylogger, hijacked Steam account...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Suspected keylogger, hijacked Steam account...

Unread postby n1x1n » August 15th, 2009, 7:42 am

Two days ago, my Steam account was stolen. Fortunately, after submitting a ticket to steam with proof of ownership etc, I retrieved my account the very next day (thank you Steam).
Now I have absolutely no idea how this thief hijacked my account, it completely beats me. I do not remember going to any suspicious files so I don't think it has to do with phishing but then again, I really don't remember. My suspicion is that somehow he inserted a keylogger into my computer. I really don't know how it would have happened since I have a strong antivirus (ESET Nod32) and I'm usually very careful on the internet in general...
But anyways, it happened, once again fortunately I got my account back, but I want to make sure that I do NOT have some sort of keylogger or virus that would allow the thief, or any other thief, to steal my Steam account again in the future.
Please help me!

Here's my HijackThis log:

Code: Select all
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:15 AM, on 8/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\vVX3000.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Java\jre6\launch4j-tmp\frd.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\osk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix: 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1241064167471&h=c4caedd4747fe401475944c1f1c23ea0/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInstall/CoxSelfInstallAx10.ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 6737 bytes
n1x1n
Active Member
 
Posts: 4
Joined: August 15th, 2009, 7:36 am
Advertisement
Register to Remove

Re: Suspected keylogger, hijacked Steam account...

Unread postby MWR 3 day Mod » August 18th, 2009, 2:34 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Suspected keylogger, hijacked Steam account...

Unread postby hottroc » August 19th, 2009, 8:14 am

-----------------------------------------------------------
Malware Removal forum

Hi, Thank you for posting your HijackThis log and welcome to the forum. My name is hottroc and I am going to be helping you to remove any malicious infections from your system.

I shall examine your log and get back to you as soon as possible with further instructions.

I am currently still in training here so all my instructions to you will be double-checked by an expert before posting. This means there will be a small extra delay which I apologise for but please bear with us.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Suspected keylogger, hijacked Steam account...

Unread postby n1x1n » August 19th, 2009, 6:43 pm

hottroc wrote:-----------------------------------------------------------
Malware Removal forum

Hi, Thank you for posting your HijackThis log and welcome to the forum. My name is hottroc and I am going to be helping you to remove any malicious infections from your system.

I shall examine your log and get back to you as soon as possible with further instructions.

I am currently still in training here so all my instructions to you will be double-checked by an expert before posting. This means there will be a small extra delay which I apologise for but please bear with us.


OMG thank you!! I really hope you hurry because my steam account was stolen AGAIN today. By the same person!!! He stole my steam account again!!!!!!!!!!
n1x1n
Active Member
 
Posts: 4
Joined: August 15th, 2009, 7:36 am

Re: Suspected keylogger, hijacked Steam account...

Unread postby hottroc » August 19th, 2009, 7:43 pm

Please go to Virus Total and upload the following file for scanning:
C:\Program Files\Java\jre6\launch4j-tmp\frd.exe
  1. Please copy and paste the filename in the text box next to the Browse button.
  2. Click on Send File.

If anything suspicious is found please let me know.


Your HijackThis log appears clean but we will try a couple of deeper more detailed scans to be sure. Please follow these instructions carefully....

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


BLACKLIGHT
  • Please download F-Secure Blacklight (fsbl.exe) from here
  • Save into C:\ with a name of fsbl.exe
  • Go to Start > Run
  • Copy and paste the contents of the below codebox into the run box
    Code: Select all
    C:\fsbl.exe /expert
  • Click OK
  • This will launch BlackLight
  • Select I accept the agreement
  • Click Next
  • Click Scan
  • Wait for the scan to finish
  • Click on Next>
  • Click Exit
  • A logfile will have been created in the C:\ drive
  • It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
  • Use notepad to open that log
  • Post the contents of that log as a reply to this topic together with the other logs requested above.


Now a question - have you intentionally installed Teamviewer? It's software for remote control of a PC, and, as such, could exhibit keylogger behaviour.

Finally, I see you have Eset NOD32 antivirus installed. Could you tell me if you also have the Firewall part of that suite installed or alternatively do you have the Windows Firewall active? (You can find this out from Security Center within your Control Panel)
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Suspected keylogger, hijacked Steam account...

Unread postby n1x1n » August 19th, 2009, 7:53 pm

OTL.Txt
Code: Select all
OTL logfile created on: 8/19/2009 4:46:33 PM - Run 1
OTL by OldTimer - Version 3.0.10.7     Folder = C:\Users\n1x1n\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.63% Memory free
4.00 Gb Paging File | 3.09 Gb Available in Paging File | 77.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 603.64 Gb Free Space | 64.80% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 124.51 Gb Free Space | 26.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: N1X1N-PC
Current User Name: n1x1n
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Razer\Diamondback 3G\razerhid.exe ()
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\vVX3000.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Razer\Diamondback 3G\razertra.exe ()
PRC - C:\Program Files\Razer\Diamondback 3G\razerofa.exe (Razer Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - C:\Program Files\Opera\Opera.exe (Opera Software)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\n1x1n\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\osk.exe (Microsoft Corporation)
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (AMD External Events Utility [Auto | Running]) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Running]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MSCamSvc [Auto | Running]) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Steam Client Service [On_Demand | Running]) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer4 [Auto | Running]) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TuneUp.Defrag [On_Demand | Stopped]) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.ProgramStatisticsSvc [Auto | Running]) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (UxTuneUp [Auto | Running]) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (AtiHdmiService [On_Demand | Running]) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (eamon [Auto | Running]) -- C:\Windows\System32\DRIVERS\eamon.sys (ESET)
DRV - (easdrv [System | Running]) -- C:\Windows\System32\DRIVERS\easdrv.sys (ESET)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (ENTECH [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ENTECH.sys (EnTech Taiwan)
DRV - (epfwtdir [System | Running]) -- C:\Windows\System32\DRIVERS\epfwtdir.sys ()
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\ASACPI.sys ()
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvm60x32.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (pcouffin [On_Demand | Running]) -- C:\Windows\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (Razerlow [On_Demand | Running]) -- C:\Windows\System32\Drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (sbtis [System | Running]) -- C:\Windows\System32\drivers\sbtis.sys (Sunbelt Software)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Si3132r5 [Boot | Running]) -- C:\Windows\system32\DRIVERS\Si3132r5.sys (Silicon Image, Inc)
DRV - (SiFilter [Boot | Running]) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil [Boot | Running]) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (VX3000 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\VX3000.sys (Microsoft Corporation)
DRV - (yukonwlh [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\yk60x86.sys (Marvell)
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 
 
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2294938891-3926777733-105981096-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2294938891-3926777733-105981096-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2294938891-3926777733-105981096-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-2294938891-3926777733-105981096-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2294938891-3926777733-105981096-1000\S-1-5-21-2294938891-3926777733-105981096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2294938891-3926777733-105981096-1000\S-1-5-21-2294938891-3926777733-105981096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/06 02:16:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/14 20:06:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/14 05:29:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/14 20:06:41 | 00,000,000 | ---D | M]
 
[2009/07/12 18:50:12 | 00,000,000 | ---D | M] -- C:\Users\n1x1n\AppData\Roaming\mozilla\Extensions
[2009/07/12 18:50:12 | 00,000,000 | ---D | M] -- C:\Users\n1x1n\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/18 07:31:39 | 00,000,000 | ---D | M] -- C:\Users\n1x1n\AppData\Roaming\mozilla\Firefox\Profiles\a4uygoek.default\extensions
[2009/08/18 07:31:39 | 00,000,000 | ---D | M] -- C:\Users\n1x1n\AppData\Roaming\mozilla\Firefox\Profiles\a4uygoek.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/12 18:49:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/12 18:49:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/24 06:26:10 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/24 06:26:11 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/24 06:26:12 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/24 04:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 04:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 04:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 04:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 04:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 04:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 04:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-2294938891-3926777733-105981096-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2294938891-3926777733-105981096-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2294938891-3926777733-105981096-1000..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKU\S-1-5-21-2294938891-3926777733-105981096-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2294938891-3926777733-105981096-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2294938891-3926777733-105981096-1000..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2294938891-3926777733-105981096-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-2294938891-3926777733-105981096-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2294938891-3926777733-105981096-1000\..Trusted Domains: 4 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1241064167471&h=c4caedd4747fe401475944c1f1c23ea0/&filename=jinstall-6u13-windows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} https://install.cox.net/CoxSelfInstall/CoxSelfInstallAx10.ocx (CoxSelfInstallAx10 Control)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/FMSI.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{60187aea-34f5-11de-b9bd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{60187aea-34f5-11de-b9bd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\wubi.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2009/08/19 16:45:24 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\n1x1n\Desktop\OTL.exe
[2009/08/19 14:40:04 | 17,819,0882 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_dance_3-2008___UbD___.rar
[2009/08/19 13:59:36 | 17,788,5560 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_3-2006___UbD___.rar
[2009/08/19 10:21:38 | 17,305,3494 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_2-2006___UbD___.rar
[2009/08/19 09:33:39 | 16,508,8735 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_1-2006___UbD___.rar
[2009/08/19 08:48:39 | 16,658,4186 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_4-2005___UbD___.rar
[2009/08/19 08:08:10 | 17,487,7115 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_3-2005___UbD___.rar
[2009/08/19 07:28:13 | 16,929,7518 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_2-2005___UbD___.rar
[2009/08/19 06:47:29 | 17,545,6534 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_1-2005___UbD___.rar
[2009/08/19 06:07:19 | 17,203,2264 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_4-2004___UbD___.rar
[2009/08/19 05:26:59 | 17,303,2741 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_2-2001___UbD___.rar
[2009/08/19 04:46:16 | 17,582,3353 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_1-2001___UbD___.rar
[2009/08/19 04:06:20 | 17,025,9097 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_4-2000___UbD___.rar
[2009/08/19 03:26:03 | 17,289,9826 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_3-2000___UbD___.rar
[2009/08/19 02:46:05 | 17,109,8710 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_2-2000___UbD___.rar
[2009/08/19 02:05:20 | 17,533,4944 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_3-2004___UbD___.rar
[2009/08/19 01:24:33 | 17,515,8008 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_2-2004___UbD___.rar
[2009/08/19 00:44:07 | 17,291,1718 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_1-2004___UbD___.rar
[2009/08/19 00:17:51 | 17,388,6249 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_4-2003___UbD___.rar
[2009/08/18 23:17:10 | 17,035,5086 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_3-2003___UbD___.rar
[2009/08/18 22:11:46 | 16,942,7182 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_2-2003___UbD___.rar
[2009/08/18 21:31:27 | 17,497,2567 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_1-2003___UbD___.rar
[2009/08/18 19:30:26 | 16,016,7882 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_4-2002___UbD___.rar
[2009/08/18 18:51:58 | 15,898,1062 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_3-2002___UbD___.rar
[2009/08/18 17:51:36 | 17,531,0328 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_2-2002___UbD___.rar
[2009/08/18 17:11:15 | 17,282,4264 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_1-2002___UbD___.rar
[2009/08/18 16:46:42 | 16,815,1751 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_4-2001___UbD___.rar
[2009/08/18 15:45:36 | 17,305,5335 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_3-2001___UbD___.rar
[2009/08/18 15:05:29 | 17,052,8219 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_1-2000___UbD___.rar
[2009/08/18 14:23:00 | 17,186,2629 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_2-1999___UbD___.rar
[2009/08/18 13:17:25 | 17,091,5687 | ---- | C] () -- C:\Users\n1x1n\Desktop\Best_of_disco_1-1999___UbD___.rar
[2009/08/17 16:58:25 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\Documents\Sony Projects
[2009/08/17 16:17:11 | 00,000,000 | ---D | C] -- C:\Program Files\NewBlue
[2009/08/17 16:12:20 | 00,002,448 | ---- | C] () -- C:\Users\n1x1n\Documents\Register Vegas Pro.htm
[2009/08/17 16:05:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony
[2009/08/17 16:04:35 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/08/15 04:24:09 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/14 20:36:30 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\AppData\Local\ApplicationHistory
[2009/08/14 20:34:19 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/08/14 20:21:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2009/08/14 20:19:06 | 00,202,928 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\sbtis.sys
[2009/08/14 19:39:36 | 00,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2009/08/14 19:39:27 | 00,000,568 | ---- | C] () -- C:\Windows\System32\BDUpdateV1.xml
[2009/08/14 18:52:01 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/14 18:52:00 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/14 18:51:59 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/14 18:51:59 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/14 18:51:59 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/14 18:51:59 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/14 18:51:59 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/14 18:51:58 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/14 18:51:58 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/14 18:51:56 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/14 18:51:43 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/14 18:51:39 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/08/14 18:51:39 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/08/14 18:51:38 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/08/14 18:51:37 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/08/14 18:51:37 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/08/14 18:51:37 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/08/14 18:51:37 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/08/14 18:51:37 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/08/14 18:51:36 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/08/14 18:51:36 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/08/14 18:51:36 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/08/14 18:51:36 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/08/14 18:51:36 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/08/14 18:51:36 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/08/14 18:51:36 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/08/14 18:51:36 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/08/14 18:51:36 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/08/14 18:51:36 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/08/14 18:51:36 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/08/14 18:51:35 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/08/14 18:51:35 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/08/14 18:51:34 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/14 18:51:29 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/14 18:51:29 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/14 18:51:28 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/14 18:51:28 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/14 18:51:28 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/14 18:51:27 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/14 18:51:26 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/14 18:51:26 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/14 18:36:11 | 00,228,672 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\System32\drivers\bdfsfltr.sys.bak
[2009/08/14 18:36:11 | 00,108,864 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\System32\drivers\bdfm.sys.bak
[2009/08/14 18:36:11 | 00,102,208 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\bdfndisf.sys.bak
[2009/08/14 18:36:11 | 00,082,568 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\BDVEDISK.sys.bak
[2009/08/14 17:14:53 | 00,000,850 | ---- | C] () -- C:\Windows\System32\ProductTweaks.xml
[2009/08/14 17:14:53 | 00,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2009/08/14 17:09:39 | 00,000,000 | ---D | C] -- C:\Windows\System32\logs
[2009/08/14 17:09:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/08/14 17:08:48 | 00,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2009/08/14 17:06:12 | 00,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2009/08/14 17:05:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2009/08/14 16:44:37 | 00,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2009/08/14 05:40:25 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/08/14 05:37:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/08/14 05:37:27 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/08/12 21:39:10 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\AppData\Roaming\mIRC
[2009/08/12 21:39:09 | 00,000,000 | ---D | C] -- C:\Program Files\mIRC
[2009/08/11 01:14:26 | 00,159,869 | ---- | C] (Mohammad Ahmadi Bidakhvidi) -- C:\Users\n1x1n\Documents\Playboi Steam Account.exe
[2009/08/11 00:16:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/08/10 22:21:04 | 00,925,696 | ---- | C] (eCompete Online) -- C:\Users\n1x1n\Desktop\ECO-AC.exe
[2009/08/10 22:20:48 | 00,424,143 | ---- | C] () -- C:\Users\n1x1n\Documents\ECO-AC_1.0.zip
[2009/08/09 03:38:22 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\AppData\Roaming\VMware
[2009/08/08 21:10:59 | 00,001,024 | ---- | C] () -- C:\.rnd
[2009/08/08 21:07:18 | 00,000,000 | ---D | C] -- C:\ProgramData\VMware
[2009/08/08 20:10:29 | 00,000,000 | -HSD | C] -- C:\found.000
[2009/08/08 01:36:39 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\AppData\Roaming\InfraRecorder
[2009/08/08 01:21:35 | 00,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2009/08/06 16:47:57 | 00,233,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DreamScene.dll
[2009/08/06 16:47:30 | 00,000,000 | ---D | C] -- C:\Program Files\BitLocker
[2009/08/06 16:46:23 | 01,171,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SecureKeyBackupCPL.dll
[2009/08/06 16:46:23 | 00,000,711 | ---- | C] () -- C:\Windows\System32\CPSOKBTasks.xml
[2009/08/06 16:32:27 | 04,152,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wgaer_m.exe
[2009/08/06 16:32:26 | 00,001,303 | ---- | C] () -- C:\Windows\System32\WGAScanner.xml
[2009/08/06 16:17:10 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/08/06 15:47:04 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\Documents\VideoCopilot Video Streams HD
[2009/08/06 02:02:19 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/08/06 02:02:19 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/08/06 02:02:19 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/08/06 02:02:19 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/08/06 02:01:47 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/08/06 02:01:46 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/08/06 02:01:46 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/08/06 02:01:45 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/08/06 02:01:44 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/08/06 02:00:37 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/08/05 17:26:04 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\AppData\Roaming\Publish Providers
[2009/08/05 17:25:34 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\AppData\Roaming\Sony
[2009/08/05 17:25:34 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\AppData\Local\Sony
[2009/08/03 14:21:46 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/03 14:21:46 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/08/03 14:21:46 | 00,077,824 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2009/08/03 14:21:45 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009/08/02 19:06:56 | 00,603,904 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2009/08/02 19:06:52 | 00,027,904 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2009/08/02 19:06:52 | 00,017,152 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2009/08/02 19:06:46 | 00,362,240 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2009/08/02 19:06:45 | 00,000,486 | ---- | C] () -- C:\Windows\tasks\1-Click Maintenance.job
[2009/08/02 19:06:44 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\AppData\Roaming\TuneUp Software
[2009/08/02 19:06:15 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2009/08/02 19:06:14 | 00,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2009/08/02 19:04:45 | 00,000,000 | -HSD | C] -- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/08/01 18:45:15 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\AppData\Local\Yahoo
[2009/08/01 18:44:22 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/08/01 03:19:39 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\Documents\HJSPLIT
[2009/07/27 18:07:11 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\AppData\Roaming\Talkback
[2009/07/27 18:07:06 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/27 18:07:05 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\AppData\Roaming\Thunderbird
[2009/07/27 18:07:05 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\AppData\Local\Thunderbird
[2009/07/27 18:06:57 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2009/07/26 22:25:16 | 00,921,624 | ---- | C] () -- C:\img2-001.raw
[2009/07/26 17:23:14 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\AppData\Local\ESET
[2009/07/22 17:40:48 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2009/07/22 01:02:25 | 00,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/22 01:02:23 | 00,000,000 | ---D | C] -- C:\Users\n1x1n\AppData\Roaming\skypePM
[2009/07/18 18:11:49 | 00,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2009/07/14 17:15:00 | 00,178,432 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/07/12 12:04:08 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/17 14:24:08 | 00,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2009/03/16 13:26:02 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/20 19:23:41 | 00,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/12/21 08:21:56 | 00,033,800 | ---- | C] () -- C:\Windows\System32\drivers\epfwtdir.sys
[2006/11/02 05:34:20 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/18 02:53:26 | 00,147,456 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2004/08/13 09:56:20 | 00,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2009/08/19 16:45:25 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\n1x1n\Desktop\OTL.exe
[2009/08/19 16:00:00 | 00,000,486 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2009/08/19 15:30:03 | 01,519,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/19 15:30:03 | 00,674,436 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2009/08/19 15:30:03 | 00,616,428 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/19 15:30:03 | 00,134,362 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2009/08/19 15:30:03 | 00,109,188 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/19 15:25:06 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/19 15:25:06 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/19 15:25:04 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/19 15:25:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/19 15:24:50 | 22,981,4893 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/08/19 15:04:04 | 17,819,0882 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_dance_3-2008___UbD___.rar
[2009/08/19 14:37:44 | 17,788,5560 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_3-2006___UbD___.rar
[2009/08/19 11:30:13 | 17,305,3494 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_2-2006___UbD___.rar
[2009/08/19 10:04:07 | 16,508,8735 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_1-2006___UbD___.rar
[2009/08/19 09:16:11 | 16,658,4186 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_4-2005___UbD___.rar
[2009/08/19 08:31:10 | 17,487,7115 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_3-2005___UbD___.rar
[2009/08/19 07:50:37 | 16,929,7518 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_2-2005___UbD___.rar
[2009/08/19 07:10:42 | 17,545,6534 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_1-2005___UbD___.rar
[2009/08/19 06:29:56 | 17,203,2264 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_4-2004___UbD___.rar
[2009/08/19 05:49:48 | 17,303,2741 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_2-2001___UbD___.rar
[2009/08/19 05:09:28 | 17,582,3353 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_1-2001___UbD___.rar
[2009/08/19 04:28:43 | 17,025,9097 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_4-2000___UbD___.rar
[2009/08/19 03:48:49 | 17,289,9826 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_3-2000___UbD___.rar
[2009/08/19 03:08:31 | 17,109,8710 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_2-2000___UbD___.rar
[2009/08/19 02:28:34 | 17,533,4944 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_3-2004___UbD___.rar
[2009/08/19 01:47:43 | 17,515,8008 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_2-2004___UbD___.rar
[2009/08/19 01:07:00 | 17,291,1718 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_1-2004___UbD___.rar
[2009/08/19 00:41:50 | 17,388,6249 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_4-2003___UbD___.rar
[2009/08/19 00:00:19 | 17,035,5086 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_3-2003___UbD___.rar
[2009/08/18 23:14:53 | 16,942,7182 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_2-2003___UbD___.rar
[2009/08/18 21:54:16 | 17,497,2567 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_1-2003___UbD___.rar
[2009/08/18 19:51:37 | 16,016,7882 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_4-2002___UbD___.rar
[2009/08/18 19:12:59 | 15,898,1062 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_3-2002___UbD___.rar
[2009/08/18 18:49:47 | 17,531,0328 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_2-2002___UbD___.rar
[2009/08/18 17:34:02 | 17,282,4264 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_1-2002___UbD___.rar
[2009/08/18 17:08:58 | 16,815,1751 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_4-2001___UbD___.rar
[2009/08/18 16:29:12 | 17,305,5335 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_3-2001___UbD___.rar
[2009/08/18 15:28:03 | 17,052,8219 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_1-2000___UbD___.rar
[2009/08/18 14:47:58 | 17,186,2629 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_2-1999___UbD___.rar
[2009/08/18 14:05:29 | 17,091,5687 | ---- | M] () -- C:\Users\n1x1n\Desktop\Best_of_disco_1-1999___UbD___.rar
[2009/08/18 02:00:11 | 00,120,832 | ---- | M] () -- C:\Users\n1x1n\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/17 16:12:20 | 00,002,448 | ---- | M] () -- C:\Users\n1x1n\Documents\Register Vegas Pro.htm
[2009/08/17 05:40:00 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/08/16 09:59:31 | 03,629,359 | -H-- | M] () -- C:\Users\n1x1n\AppData\Local\IconCache.db
[2009/08/15 17:06:32 | 00,000,668 | ---- | M] () -- C:\Users\n1x1n\AppData\Roaming\vso_ts_preview.xml
[2009/08/14 20:06:14 | 00,081,984 | ---- | M] () -- C:\Windows\System32\bdod.bin
[2009/08/14 19:39:27 | 00,000,568 | ---- | M] () -- C:\Windows\System32\BDUpdateV1.xml
[2009/08/14 17:14:53 | 00,000,850 | ---- | M] () -- C:\Windows\System32\ProductTweaks.xml
[2009/08/14 17:14:53 | 00,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2009/08/11 01:14:26 | 00,159,869 | ---- | M] (Mohammad Ahmadi Bidakhvidi) -- C:\Users\n1x1n\Documents\Playboi Steam Account.exe
[2009/08/10 22:20:48 | 00,424,143 | ---- | M] () -- C:\Users\n1x1n\Documents\ECO-AC_1.0.zip
[2009/08/08 21:10:59 | 00,001,024 | ---- | M] () -- C:\.rnd
[2009/08/06 16:15:20 | 04,152,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wgaer_m.exe
[2009/08/06 16:14:22 | 00,001,303 | ---- | M] () -- C:\Windows\System32\WGAScanner.xml
[2009/08/06 02:22:46 | 00,241,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/02 19:06:56 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2009/08/02 19:06:47 | 00,362,240 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2009/08/01 10:22:43 | 00,011,486 | ---- | M] () -- C:\Users\n1x1n\Documents\Download List For Angie, Marrisa and Siavosh.xlsx
[2009/07/29 17:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/07/27 18:07:06 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/07/26 22:27:54 | 00,921,624 | ---- | M] () -- C:\img2-001.raw
[2009/07/22 23:58:02 | 00,925,696 | ---- | M] (eCompete Online) -- C:\Users\n1x1n\Desktop\ECO-AC.exe
[2009/07/22 01:02:25 | 00,000,048 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009/07/21 14:52:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/21 14:52:13 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/21 14:50:46 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/21 14:48:31 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/21 14:48:27 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/21 14:48:27 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/21 14:47:47 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/21 14:47:41 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/21 14:47:28 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/21 14:47:28 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/07/21 14:47:27 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/21 14:47:27 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/07/21 14:47:26 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/21 14:47:26 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/21 14:47:26 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/07/21 14:47:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/21 13:13:58 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/21 13:13:51 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/07/21 13:13:15 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/07/21 13:12:49 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/21 11:31:43 | 00,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 72 bytes -> C:\Windows:5B9489E31271B0E3
< End of report >



Extras.Txt
Code: Select all
OTL Extras logfile created on: 8/19/2009 4:46:33 PM - Run 1
OTL by OldTimer - Version 3.0.10.7     Folder = C:\Users\n1x1n\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.63% Memory free
4.00 Gb Paging File | 3.09 Gb Available in Paging File | 77.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 603.64 Gb Free Space | 64.80% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 124.51 Gb Free Space | 26.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: N1X1N-PC
Current User Name: n1x1n
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2294938891-3926777733-105981096-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C1F819-CEC1-4EE6-98C4-67499D3822E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{18AE4C4F-7C5C-4C82-A1FD-F945867D8E89}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3965BEEA-FB7D-435D-A793-4A8BE0891085}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{52AA5E52-E779-4E3C-899A-026D3E98981E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{61B22AEE-B968-4F16-97EA-F47220E7A3F3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{787903DD-C92F-49BE-A8FD-1BD7C360257D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{902C2671-457B-4F2F-8A62-EF9FDD907867}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A4BE1C45-E083-498A-8E9D-D9264FF8BEB1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B0A598CD-0440-4A07-B6F0-A073BA5C6832}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B2212AD6-0123-47E4-BD5C-C73FE8CFF1DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B8325D0B-77C8-4464-B61F-120D510EA7EF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B843942A-8F0C-40E3-A121-D8C3FD61B709}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D93640DC-B73D-4AF2-86F1-D74A19EA9EFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DA68D1BF-85E9-4090-BB0C-EE6AC02C4640}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E16B74C5-52B8-4731-BF20-2A6D315B1978}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E27EC0D7-ABA6-460B-BA94-0119AA16B6CC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EA3786B9-7116-45FC-9A66-8324B6CE9A67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EF4B84BE-2F64-4FB8-86E1-86354397D175}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F32B4190-8349-4F89-A890-94639D71876F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F3FD5A38-57D5-46FD-97A9-618D7B59E8A9}" = lport=138 | protocol=17 | dir=in | app=system | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0826073E-9218-466B-8FF5-5AA650DB5452}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{0C47ED56-62AB-415F-98D3-BD4CFDCEE720}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{1F38C315-9F5F-438C-8F33-234939CADC22}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{263529FC-43DD-47DE-88EB-2DCAD4E0815E}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{27EE9D81-89C2-438C-84F9-38E8FFC395A2}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{2AA7B312-DF68-4CD7-8BA1-81197ABAB789}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{3F6AE9BA-0C53-4B98-A8F2-16F48F2A807E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{40BF3683-0C2C-4D56-AE26-1716F14DBE9C}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | 
"{41A69564-78F0-40B5-AFC8-1A05647FA7DE}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{42EA6A5A-7DA7-4BE4-A01A-B8713E723BC9}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{5488E094-D77A-486A-A677-D6575B063F6D}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{582510AF-B16F-4A36-8D30-9A3AEE42EB1F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{62AFAFD3-7C53-4BDC-8B4F-D39D6B920DBD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6302A205-D4B0-4AA2-A521-831CCEFE778D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{666AFC67-7C7D-4879-9F5D-BA496E6CF39E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{6AAD0BC4-7EE4-4C7F-9787-0DAB67E131D4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{6AB8FC59-5E72-44E1-B465-971545AB37DD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{70CB82DF-9647-4C7D-893A-2FD737464AC7}" = protocol=58 | dir=in | app=system | 
"{77FFFBA6-CB35-4F69-869E-B1CA9E68E997}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{85271CD7-629E-431C-8E22-E6124746296C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{87AA29D3-01D4-4F00-B59E-31E622C51EDB}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{8CC1AC1E-6F23-4D1F-BE24-7867A91DCE13}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{96668A45-41C0-4E7E-9888-91509E91AB7B}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{99F11127-BE19-4FA2-A835-53707BCFE10C}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{9B15D6B3-D7B9-4470-B408-E3525D57F604}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A95E1F7C-AB72-41CB-A38D-EBD57EDDF573}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{AC1CDCA0-A266-42A2-A883-BD37431D4A1C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AC9C8CE2-4BD2-4464-BDE9-45BE5CEA4D2F}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{B58AB589-FEEC-4B6A-9104-26316C403BE6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{B6FED0C7-D72E-4D0D-8592-F94099EC3FC4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C5F19128-BB1A-41AE-8118-B267886D4E6D}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{C8C9B868-4A40-4C6D-8A63-4C1C9464679B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D15A38FE-3A09-4341-A637-4C312DE633B2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{D33216C3-94CD-4501-A344-65129DF45659}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 | 
"{DC7D3433-C413-4475-AA96-90CFCF8F2F5D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DCB2BCC7-41C8-4FBF-9DE4-59FF8B39AA81}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | 
"{E086C3EF-2C85-4CED-8976-D08FD5CD2388}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{E1DAB04D-FF56-4552-A8FC-BBC37CEF1048}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{F54C97AA-EA11-42A4-A37E-D3B3CD551A6D}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{FA055011-4F7B-45E4-854A-DEB19766D436}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"TCP Query User{5CB3F9DB-E2EF-4D51-93C4-E1943EEB2646}C:\program files\steam\steamapps\playb0ihunnay\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\playb0ihunnay\team fortress 2\hl2.exe | 
"TCP Query User{71128BE1-7410-4CF3-B108-51E93E2CBDB6}D:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=d:\program files\soulseek\slsk.exe | 
"TCP Query User{7800072B-85DD-4E42-A4A0-FAEC6A3F0163}C:\program files\steam\steamapps\slowsrt\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\slowsrt\counter-strike source\hl2.exe | 
"TCP Query User{7B4F9ED0-E54F-4A9F-BAD3-71509A4BA826}C:\program files\activision value\wsop 2008\wsopbftb.exe" = protocol=6 | dir=in | app=c:\program files\activision value\wsop 2008\wsopbftb.exe | 
"TCP Query User{7E3A2151-C29E-43AD-9D26-AA2AD24B4B44}C:\program files\steam\steamapps\viperusn\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\viperusn\team fortress 2\hl2.exe | 
"TCP Query User{82114AC0-6DBC-4B49-B320-E79DBB45A30C}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{8427104F-B6C9-4FC7-91B4-0773C395F64B}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{99DA28B9-3C24-47B9-9722-6B11EEC766DE}C:\program files\encore\hoyle casino 2009\hoyle casino.exe" = protocol=6 | dir=in | app=c:\program files\encore\hoyle casino 2009\hoyle casino.exe | 
"TCP Query User{9D8A1C7D-8E7D-4E44-90BF-18DB69F99FE7}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe | 
"TCP Query User{A19AAEED-FECD-4C03-BF27-023D52B50BC1}C:\program files\steam\steamapps\viperusn\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\viperusn\counter-strike source\hl2.exe | 
"TCP Query User{A53A5011-2350-44CD-A2B7-3D316E7E6B71}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{AB7EEF57-61C5-4783-A205-5299235820E4}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe | 
"TCP Query User{B65E7023-278F-4818-A291-9E55EE04465C}C:\program files\steam\steamapps\viperusn\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\viperusn\team fortress 2\hl2.exe | 
"TCP Query User{DF5F9530-44E9-411E-87CD-024058EBB78A}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe | 
"UDP Query User{01BF60D4-B86E-4844-89F5-8B62CA135187}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe | 
"UDP Query User{0AE427D0-03B1-4883-BB95-3F11CDF40E69}C:\program files\steam\steamapps\viperusn\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\viperusn\team fortress 2\hl2.exe | 
"UDP Query User{17088977-63C3-4138-AD33-72FDE1AFAC86}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe | 
"UDP Query User{199F6090-B6E8-4F38-8AE0-AE3C51C896B7}C:\program files\steam\steamapps\playb0ihunnay\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\playb0ihunnay\team fortress 2\hl2.exe | 
"UDP Query User{2AC57AE5-0DDF-4097-9317-A72B0CE9717D}C:\program files\steam\steamapps\viperusn\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\viperusn\team fortress 2\hl2.exe | 
"UDP Query User{3EA1AB12-5412-44E7-ACBD-44EB7710FC12}C:\program files\encore\hoyle casino 2009\hoyle casino.exe" = protocol=17 | dir=in | app=c:\program files\encore\hoyle casino 2009\hoyle casino.exe | 
"UDP Query User{73D57316-94BF-4469-9A6B-08F6FAF37800}D:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=d:\program files\soulseek\slsk.exe | 
"UDP Query User{9F77A1E1-6636-4F39-ABEC-7FB6DA5A4116}C:\program files\steam\steamapps\slowsrt\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\slowsrt\counter-strike source\hl2.exe | 
"UDP Query User{A5DC0ABA-8E43-4C97-997C-99E36EB71225}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe | 
"UDP Query User{B1F68375-57A5-4E33-A877-922B2FAEC247}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{C3F3A95D-F3EA-4040-89F1-C2348E8DCBFA}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{D8A5563B-2A89-4AD6-B3DF-C08F6B90C4B2}C:\program files\activision value\wsop 2008\wsopbftb.exe" = protocol=17 | dir=in | app=c:\program files\activision value\wsop 2008\wsopbftb.exe | 
"UDP Query User{DC55F06D-D6B6-48C4-89BF-97B44B3081ED}C:\program files\steam\steamapps\viperusn\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\viperusn\counter-strike source\hl2.exe | 
"UDP Query User{F4A35A38-F2E2-4EC2-BBCB-3AF55BD5B232}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0CCC0F9A-81E6-3529-4394-86384585325C}" = Catalyst Control Center Graphics Light
"{153A64E0-7140-A1AE-C7ED-745A3218DFBD}" = ccc-utility
"{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2C99779B-99A9-CE50-C43F-A9F765E1FE23}" = ATI Catalyst Install Manager
"{2FBE4C1F-D40A-B18C-FEC0-EE01199DECD1}" = ccc-core-static
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}" = ESET NOD32 Antivirus
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E5AB107-172B-4F17-8ABB-357C59EF1B08}" = Vegas Pro 9.0
"{7157C65D-270C-F593-C873-FF9AD949E221}" = Skins
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{733C47BE-4A73-66BE-03EC-460AC98E550C}" = Catalyst Control Center Graphics Previews Vista
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.3.139
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79C051A5-3141-1CD2-D601-7127D0CD9E22}" = Catalyst Control Center HydraVision Full
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{899FEBB5-CDF7-FD73-01B5-1381EAA75EED}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3BC9DDC-4B4C-F307-FEDC-7B77992FBC9F}" = Catalyst Control Center Graphics Full New
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF10D7E4-D29A-45DA-8050-B116097B69B5}" = Safari
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD960D1B-2D16-5A6A-FAD7-E5C32BB78CE7}" = Catalyst Control Center Graphics Full Existing
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D191837E-0AE9-F062-9EE3-A97DD6D9A11D}" = Catalyst Control Center Core Implementation
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1" = Texas Hold'em Poker 3D - Deluxe Edition 1.0
"{E64B8C0B-9AD1-4C61-9CC4-5C36C02C5051}" = Fritz10 Service Pack
"{E94F42C9-75F5-FFA4-0112-37D2F040017F}" = Catalyst Control Center Graphics Previews Common
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AIMTunes" = AIMTunes
"Chessbase 8 (ElGindy)" = Chessbase 8 (ElGindy)
"CHESSBASE 9 (Modfied by ElGindy)" = CHESSBASE 9 (Modfied by ElGindy)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"HijackThis" = HijackThis 2.0.2
"Hoyle Casino 2009" = Hoyle Casino 2009
"InfraRecorder" = InfraRecorder
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"NetTools_is1" = NetTools 5.0
"Soulseek2" = SoulSeek 157 NS 13c
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"TeamViewer 4" = TeamViewer 4
"The KMPlayer" = The KMPlayer (remove only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World Series of Poker 2008" = World Series of Poker 2008: Battle for the Bracelets
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-2294938891-3926777733-105981096-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >



About "Blacklight", I do not have a Start > Run option since I am running Windows Vista...

And yes I installed TeamViewer intentionally to help some of my friends out when they have a problem.

And as for ESET NOD32 antivirus, I have the WINDOWS Firewall active.
n1x1n
Active Member
 
Posts: 4
Joined: August 15th, 2009, 7:36 am

Re: Suspected keylogger, hijacked Steam account...

Unread postby hottroc » August 20th, 2009, 5:05 pm

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer. Unfortunately it is against forum policy to fix machines while these programs are installed as they cause most of the problems.

---> Soulseek <----

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the program listed above (in red).

Please run a new uninstall list scan when finished (instructions follow) and post the log back here.

Start HijackThis.
Click Open the Misc Tools section
Please click on the Open Uninstall Manager button. In the "Add/Remove Programs Manager" section please click on Save list.... Choose somewhere like your desktop to save the file to, call it "uninstall_list.txt" in the File name box, then click Save. Now go to your desktop and double-click the file you just saved to open it in Notepad, press Ctrl-A to Select All followed by Ctrl-C to Copy the entire contents of the file to the Clipboard. Next reply to this post and click Ctrl-V to Paste the contents of the file into your reply.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Suspected keylogger, hijacked Steam account...

Unread postby NonSuch » August 25th, 2009, 2:37 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 14 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware