
hosts files

Discussion in 'Windows - Virus and spyware problems' started by whiskey99, Mar 27, 2013.

  1. whiskey99

    whiskey99 Regular member

    Hi, I ran another OTL and at the end it was talking (applications events w/errors). Does that mean anything at all that I should be worried about?
    Also, about the ESET popup, I probably could go into REVO-UNINSTALLER and remove it entirely if need be.
     
  2. 2oldGeek

    2oldGeek Active member

    That was the wrong log. I need the OTL.txt log and not the Extras log.

    If you can, use REVO to uninstall ESET and don't worry about the error messages at the end of the Extras log.

    Send me a copy of the OTL.txt log.

    2oG
     
  3. whiskey99

    whiskey99 Regular member

    OTL logfile created on: 3/31/2013 5:21:06 PM - Run 6
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.26% Memory free
    3.16 Gb Paging File | 2.56 Gb Available in Paging File | 80.96% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 138.97 Gb Total Space | 103.51 Gb Free Space | 74.49% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 6.23 Gb Free Space | 62.32% Space Free | Partition Type: NTFS

    Computer Name: WS3 | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Admin\My Documents\Downloads\OTL(6).exe (OldTimer Tools)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
    PRC - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
    PRC - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
    PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
    PRC - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe ()
    PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    PRC - C:\WINDOWS\system32\acs.exe (Atheros)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\578e2c661908dea0af10151bc199f347\System.EnterpriseServices.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\578e2c661908dea0af10151bc199f347\System.EnterpriseServices.Wrapper.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\6e903ce8719e50acd783f8726b11249f\System.Transactions.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\82601b376b2b5bfcc25e15bb848914d1\Microsoft.VisualC.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9a75548aa508a2645318308885b3eee0\System.Data.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\c300c8ca0910bbffb16a244b56be6d05\System.Numerics.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe ()
    MOD - C:\Program Files\NETGEAR\WNA1100\WifiLib.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()


    ========== Services (SafeList) ==========

    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (WDRulesService) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
    SRV - (WDBackup) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
    SRV - (WDDriveService) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
    SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
    SRV - (WSWNA1100) -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe ()
    SRV - (jswpsapi) -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe (Atheros Communications, Inc.)
    SRV - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
    SRV - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
    SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
    SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (ffcc) -- C:\WINDOWS\system32\ffcc.sys File not found
    DRV - (epfwtdir) -- system32\DRIVERS\epfwtdir.sys File not found
    DRV - (ehdrv) -- system32\DRIVERS\ehdrv.sys File not found
    DRV - (eamon) -- system32\DRIVERS\eamon.sys File not found
    DRV - (cpuz134) -- C:\DOCUME~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys File not found
    DRV - (766b5317ee71183b991241dfaa6c210b) -- system32\766b5317ee71183b991241dfaa6c210b.sys File not found
    DRV - (TrueSight) -- C:\WINDOWS\system32\drivers\TrueSight.sys ()
    DRV - (gfibto) -- C:\WINDOWS\system32\drivers\gfibto.sys (GFI Software)
    DRV - (gfiark) -- C:\WINDOWS\system32\drivers\gfiark.sys (GFI Software)
    DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
    DRV - (cmderd) -- C:\WINDOWS\system32\drivers\cmderd.sys (COMODO)
    DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
    DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
    DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
    DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
    DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
    DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
    DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
    DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.)
    DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
    DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
    DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
    DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
    DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
    DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\.DEFAULT\..\SearchScopes,defaultscope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-18\..\SearchScopes,defaultscope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-19\..\SearchScopes,defaultscope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-20\..\SearchScopes,defaultscope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=UP62DF&PC=UP62&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{3C67974A-CDB2-4701-AE85-78761959C8F4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7PRFB_enUS504
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{956B18BA-4FB0-4D5D-B74A-7F297176057F}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=9509C8F6-C426-4EF7-9A54-563530FA8B0A
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1008\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.comcast.net"
    FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
    FF - prefs.js..extensions.enabledAddons: %7B7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D%7D:1.6.55.1
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 09:28:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/12/07 02:03:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/26 18:53:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/07 23:43:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2010/01/25 13:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
    [2013/03/28 18:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k3s4znh0.default-1361448118730\extensions
    [2013/03/05 17:12:42 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k3s4znh0.default-1361448118730\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
    [2013/02/28 05:18:21 | 000,002,160 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k3s4znh0.default-1361448118730\searchplugins\startpage-https.xml
    [2013/03/07 23:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009/11/13 16:05:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2013/03/07 23:43:20 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2009/02/08 16:10:30 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\mozilla firefox\plugins\nphssb.dll
    [2012/11/19 23:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/02/19 12:03:41 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/06/06 07:50:50 | 000,003,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\xfinitylcsearch.xml

    ========== Chrome ==========

    CHR - homepage: http://securesearch.lavasoft.com/?s...retb&v=2_5&u=E2267F7004892F5088167451525108BE
    CHR - homepage: http://securesearch.lavasoft.com/?s...retb&v=2_5&u=E2267F7004892F5088167451525108BE
    CHR - Extension: Freemake Video Converter = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\

    O1 HOSTS File: ([2013/02/27 02:08:10 | 000,444,027 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 15277 more lines...
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe" File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKU\S-1-5-21-682003330-1592454029-839522115-1003..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177783047764 (WUWebControl Class)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3D99DD0-5767-40B3-B61A-C431092ADB1E}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/04/28 09:07:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{4da4a683-c3d9-11e1-a510-001aa00881e0}\Shell - "" = AutoRun
    O33 - MountPoints2\{4da4a683-c3d9-11e1-a510-001aa00881e0}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4da4a683-c3d9-11e1-a510-001aa00881e0}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/31 16:41:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2013/03/30 16:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2013/03/30 05:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\hosts files [page 2_2] - AfterDawn Forums_files
    [2013/03/30 04:18:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
    [2013/03/29 20:39:51 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/03/29 15:54:34 | 000,228,600 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2013/03/29 15:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/03/29 15:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2013/03/29 10:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\RK_Quarantine
    [2013/03/29 01:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
    [2013/03/29 01:46:24 | 000,892,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdagenco3220103.dll
    [2013/03/29 01:46:24 | 000,128,440 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvhda32.sys
    [2013/03/29 01:46:24 | 000,028,600 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdap32.dll
    [2013/03/29 01:46:14 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3231422.dll
    [2013/03/29 01:46:14 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco3231422.dll
    [2013/03/27 03:30:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
    [2013/03/25 21:57:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2013/03/25 21:43:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2013/03/25 12:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Avg2013
    [2013/03/24 05:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
    [2013/03/24 05:01:56 | 000,144,160 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
    [2013/03/24 05:01:54 | 015,668,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
    [2013/03/24 05:01:54 | 000,223,008 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
    [2013/03/24 05:01:53 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
    [2013/03/24 05:00:49 | 019,689,472 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
    [2013/03/24 05:00:49 | 007,745,536 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
    [2013/03/24 05:00:49 | 006,074,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
    [2013/03/24 05:00:49 | 002,733,344 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
    [2013/03/24 05:00:49 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [2013/03/24 05:00:49 | 001,000,768 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
    [2013/03/24 05:00:49 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
    [2013/03/24 05:00:46 | 017,551,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
    [2013/03/24 05:00:46 | 002,490,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
    [2013/03/23 03:35:54 | 000,000,000 | ---D | C] -- C:\RegBackup
    [2013/03/23 03:28:05 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
    [2013/03/23 03:28:04 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2013/03/23 03:28:04 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2013/03/23 03:28:04 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2013/03/23 03:28:04 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2013/03/23 03:28:03 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2013/03/23 03:28:03 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2013/03/23 03:28:03 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2013/03/23 03:28:02 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2013/03/23 03:27:59 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2013/03/23 03:27:59 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2013/03/23 03:27:58 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
    [2013/03/23 03:27:58 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2013/03/23 03:27:58 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2013/03/23 03:27:57 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2013/03/23 03:27:57 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2013/03/23 03:27:57 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2013/03/23 03:27:56 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2013/03/23 03:27:56 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2013/03/23 03:27:56 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2013/03/23 03:27:52 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
    [2013/03/23 03:27:49 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2013/03/23 03:27:49 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
    [2013/03/23 03:27:49 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
    [2013/03/23 03:27:48 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
    [2013/03/23 03:27:48 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
    [2013/03/23 03:27:48 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
    [2013/03/23 03:27:47 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2013/03/23 03:27:47 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2013/03/23 03:27:47 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
    [2013/03/23 03:27:46 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
    [2013/03/23 03:27:46 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2013/03/23 03:27:46 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2013/03/23 03:27:46 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2013/03/23 03:27:45 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2013/03/23 03:27:45 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2013/03/23 03:27:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
    [2013/03/23 03:27:44 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
    [2013/03/23 03:27:44 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
    [2013/03/23 03:27:37 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
    [2013/03/23 03:27:37 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
    [2013/03/23 03:27:36 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
    [2013/03/23 03:27:35 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
    [2013/03/23 03:27:35 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
    [2013/03/23 03:27:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
    [2013/03/23 03:27:34 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
    [2013/03/23 03:27:34 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
    [2013/03/23 03:27:34 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
    [2013/03/23 03:27:32 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
    [2013/03/23 03:27:32 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
    [2013/03/23 03:27:25 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2013/03/23 03:27:25 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
    [2013/03/23 03:27:24 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
    [2013/03/23 03:27:24 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
    [2013/03/23 03:27:19 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
    [2013/03/23 03:27:19 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
    [2013/03/23 03:27:18 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2013/03/23 03:27:18 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
    [2013/03/23 03:27:18 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
    [2013/03/23 03:27:17 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
    [2013/03/23 03:27:17 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
    [2013/03/23 03:27:17 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
    [2013/03/23 03:27:16 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
    [2013/03/23 03:27:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
    [2013/03/23 03:27:13 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
    [2013/03/23 03:27:03 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
    [2013/03/23 03:27:03 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2013/03/23 03:26:57 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2013/03/23 03:26:57 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2013/03/23 03:26:57 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2013/03/23 03:26:56 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2013/03/23 03:26:56 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
    [2013/03/23 03:26:56 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
    [2013/03/23 03:26:55 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2013/03/23 03:26:54 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
    [2013/03/23 03:26:54 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
    [2013/03/23 03:26:54 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
    [2013/03/23 03:26:54 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
    [2013/03/23 03:26:53 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2013/03/23 03:26:53 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2013/03/23 03:26:53 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
    [2013/03/23 03:26:52 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2013/03/23 03:26:52 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
    [2013/03/23 03:26:52 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
    [2013/03/23 03:26:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
    [2013/03/23 03:26:51 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2013/03/23 03:26:51 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2013/03/23 03:26:51 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
    [2013/03/23 03:26:50 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
    [2013/03/23 03:26:29 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
    [2013/03/23 03:07:11 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
    [2013/03/23 03:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
    [2013/03/23 03:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
    [2013/03/23 02:31:43 | 000,000,000 | ---D | C] -- C:\rei
    [2013/03/23 02:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
    [2013/03/22 06:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2013/03/20 13:03:50 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
    [2013/03/20 13:03:50 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
    [2013/03/17 00:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    [2013/03/09 13:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2013/03/09 13:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Canneverbe Limited
    [2013/03/09 13:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
    [2013/03/07 23:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/03/05 18:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Privatefirewall
    [2013/03/05 18:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Privacyware
    [2013/03/05 17:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2013/03/05 17:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Qualys
    [2013/03/05 10:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
    [2013/03/04 16:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\ParetoLogic
    [2013/03/04 16:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2013/03/04 15:45:44 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Admin\My Documents\MicrosoftFixit.maintenance.FISC.134285864231185586.1.1.Run.exe
    [2013/03/02 11:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
    [2013/03/02 11:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
    [2013/03/02 01:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/03/31 17:18:22 | 000,001,022 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
    [2013/03/31 17:01:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/31 16:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/03/31 15:35:43 | 000,143,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2013/03/31 15:27:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/03/31 15:26:16 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/31 15:26:14 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/03/31 15:25:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/03/31 13:03:38 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\HiJackThis.lnk
    [2013/03/31 13:00:32 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\OCCT.lnk
    [2013/03/31 12:00:00 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
    [2013/03/31 11:00:04 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
    [2013/03/31 06:10:15 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{015D3F78-B8AB-4912-A42E-94BD6F2F3679}.job
    [2013/03/31 01:19:51 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
    [2013/03/30 16:49:01 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2013/03/30 16:39:26 | 050,469,376 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\eav_nt32_enu.msi
    [2013/03/30 08:37:48 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/03/30 05:14:53 | 000,119,569 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\hosts files [page 2_2] - AfterDawn Forums.htm
    [2013/03/29 15:54:35 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2013/03/29 10:04:49 | 000,015,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
    [2013/03/29 10:03:40 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\RogueKiller.exe
    [2013/03/29 02:33:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
    [2013/03/29 02:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Reimage ScanAgent.job
    [2013/03/29 01:47:30 | 001,083,296 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2013/03/29 01:47:30 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2013/03/29 01:47:26 | 001,083,296 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2013/03/27 23:53:18 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/03/27 23:46:29 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
    [2013/03/27 03:03:18 | 000,000,343 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2013/03/27 00:51:01 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/03/27 00:49:24 | 000,445,785 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130327-005034.backup
    [2013/03/26 18:51:59 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
    [2013/03/25 21:42:19 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130327-004924.backup
    [2013/03/25 21:40:56 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2013/03/25 21:40:56 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2013/03/25 21:39:47 | 000,481,970 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/03/25 21:39:47 | 000,079,852 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/03/25 21:15:24 | 000,001,843 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    [2013/03/25 20:32:07 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_95
    [2013/03/25 19:56:58 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_732
    [2013/03/25 04:17:36 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_528
    [2013/03/24 05:01:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2013/03/23 16:09:14 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_297
    [2013/03/23 03:57:09 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_350
    [2013/03/23 02:34:11 | 000,000,162 | ---- | M] () -- C:\WINDOWS\Reimage.ini
    [2013/03/22 14:27:13 | 000,444,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_247
    [2013/03/22 14:26:02 | 000,444,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130322-142713.backup
    [2013/03/22 06:54:51 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
    [2013/03/22 06:44:41 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2013/03/20 00:31:39 | 000,444,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130322-142602.backup
    [2013/03/19 13:08:41 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2013/03/16 18:52:48 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
    [2013/03/15 14:33:09 | 000,001,190 | ---- | M] () -- C:\WINDOWS\System32\ServiceConfig.xml
    [2013/03/14 22:47:17 | 019,689,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
    [2013/03/14 22:47:17 | 017,551,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
    [2013/03/14 22:47:17 | 010,713,024 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
    [2013/03/14 22:47:17 | 007,745,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
    [2013/03/14 22:47:17 | 006,074,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
    [2013/03/14 22:47:17 | 004,079,104 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
    [2013/03/14 22:47:17 | 002,733,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
    [2013/03/14 22:47:17 | 002,490,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
    [2013/03/14 22:47:17 | 002,288,632 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
    [2013/03/14 22:47:17 | 001,995,552 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [2013/03/14 22:47:17 | 001,012,512 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3231422.dll
    [2013/03/14 22:47:17 | 000,892,704 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco3231422.dll
    [2013/03/14 22:47:17 | 000,016,514 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
    [2013/03/14 19:57:16 | 000,054,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
    [2013/03/14 19:57:14 | 000,223,008 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
    [2013/03/14 19:57:13 | 015,668,512 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
    [2013/03/14 19:57:11 | 000,144,160 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
    [2013/03/13 12:05:54 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/03/12 14:42:09 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/03/12 14:42:09 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/03/09 13:33:14 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
    [2013/03/09 13:33:14 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
    [2013/03/06 15:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2013/03/05 17:16:11 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
    [2013/03/05 17:16:11 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2013/03/05 10:02:34 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
    [2013/03/04 15:45:56 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Admin\My Documents\MicrosoftFixit.maintenance.FISC.134285864231185586.1.1.Run.exe
    [2013/03/04 15:31:25 | 000,000,282 | RHS- | M] () -- C:\boot.ini
    [2013/03/02 11:17:20 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
    [2013/03/02 01:03:23 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/03/30 16:39:17 | 050,469,376 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\eav_nt32_enu.msi
    [2013/03/30 05:14:45 | 000,119,569 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\hosts files [page 2_2] - AfterDawn Forums.htm
    [2013/03/29 10:04:49 | 000,015,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
    [2013/03/29 10:03:39 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\RogueKiller.exe
    [2013/03/29 01:56:26 | 000,001,022 | ---- | C] () -- C:\WINDOWS\System32\nvAppTimestamps
    [2013/03/29 01:46:15 | 000,016,514 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2013/03/24 05:01:18 | 001,083,296 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2013/03/24 05:01:18 | 001,083,296 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2013/03/24 05:01:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2013/03/24 05:01:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2013/03/24 05:00:49 | 002,288,632 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2013/03/23 03:27:39 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2013/03/23 03:27:39 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2013/03/23 03:27:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2013/03/23 03:27:38 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2013/03/23 03:27:38 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2013/03/23 03:27:38 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2013/03/23 03:27:37 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2013/03/23 03:27:37 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2013/03/23 03:27:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2013/03/23 03:27:34 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2013/03/23 03:04:33 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    [2013/03/23 02:33:54 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
    [2013/03/23 02:32:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\Reimage ScanAgent.job
    [2013/03/23 02:29:50 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Reimage.ini
    [2013/03/15 14:33:09 | 000,001,190 | ---- | C] () -- C:\WINDOWS\System32\ServiceConfig.xml
    [2013/03/09 13:33:14 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
    [2013/03/09 13:33:14 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
    [2013/03/09 13:33:14 | 000,001,587 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
    [2013/03/09 13:33:13 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2013/03/05 10:02:34 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
    [2013/03/02 14:31:31 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
    [2013/03/02 11:17:20 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
    [2013/03/02 01:03:23 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2013/02/25 02:07:50 | 000,143,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2013/01/09 04:43:29 | 000,946,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/12/13 11:12:48 | 000,000,343 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2012/12/07 20:36:30 | 000,788,388 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-682003330-1592454029-839522115-1003-0.dat
    [2012/12/07 20:36:28 | 000,270,998 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/09/29 13:35:40 | 000,013,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
    [2012/05/24 14:15:23 | 000,005,816 | ---- | C] () -- C:\Documents and Settings\Admin\.tkt
    [2012/05/11 01:52:40 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
    [2012/05/11 01:52:40 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
    [2012/05/11 01:52:40 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
    [2012/05/11 01:52:40 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
    [2012/05/11 01:52:40 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
    [2012/04/24 11:16:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/09/22 17:22:49 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
    [2010/04/07 11:34:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\bibstats
    [2009/10/08 13:24:15 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/06/20 12:22:01 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
    [2007/06/20 12:04:15 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat

    ========== ZeroAccess Check ==========

    [2007/04/28 13:24:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >
     
  4. 2oldGeek

    I have looked it over quickly and see nothing that is a threat. I really don't have the time to build a good fix right now but, you should be OK.

    Let me know how it is doing and I'll get the Fix done as soon as I can. May be a couple of days.

    How is it running right now??
    2oG
     
  5. whiskey99

    Hi, right now the browser comes up a lot faster than before; went to I.E. and it came up faster too.
    Any suggestions on virus tools? It appears from what I've seen written on these forums that some do better at controlling viruses, others do better at malware/hackers and such. Thanks.
     
  6. whiskey99

    Hi 2oldGeek, well, it looks like the PC is on the mend, as I can now switch between I.E. and F/F without much hesitation.
    Last night while on the internet SB&D came up. Is there truth in the rumor about some programs leaving a back door into a PC so they can come back while your back's turned? I have removed SB&D by way of REVO. Thanks again for all of your help; will look at son's PC soon.
     
  7. 2oldGeek

    LOL you are changing things so fast it's hard for me to keep up with you...

    You have a lot of remnants in your logs and I am trying to separate them... Ho Ho Ho

    Answer these questions please:
    1. Did you uninstall Lavasoft Ad-Aware and Spybot S&D?
    2. Do you have Avast Antivirus installed?
    3. Are you running PrivateFirewall now?
    4. You no longer have AVG anti-virus on this machine, correct?
    5. You have SpywareBlaster installed, and do you update it often?
    6. You no longer have Comodo, correct?
    You can keep SuperAntiSpyware if you like; it's OK but not as good as MBAM.
    Update your MalwareBytesAntiMalware and run a scan.. Post it to me......

    Glad to hear your new Video card is OK.....

    2oG
     
    Last edited: Apr 1, 2013
  8. whiskey99

    Hi 2oldGeek, answers to your questions:
    (1) yes, (2) no, (3) no, (4) yes, (5) yes and yes, (6) yes.
    With SUPERAntiSpyware and MBAM, is this redundant, and if MBAM is a little better can I just do without SUPERAntiSpyware? And yes, I update all of what I have on the PC as needed.

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.04.02.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Admin :: WS3 [administrator]

    4/1/2013 7:45:42 PM
    mbam-log-2013-04-01 (19-45-42).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Scan options enabled: Heuristics/Extra | PUP | PUM
    Scan options disabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | P2P
    Objects scanned: 199153
    Time elapsed: 33 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  9. whiskey99

    Hi, I appreciate all of your help. If you want, we can take a break and work on my son's PC in the near future.
    Would it make a difference if I ran some scans in the meantime, like OTL and HJT, and saved them?
    I have AVAST ANTI VIRUS installed now; had MSE installed but do totally trust MS.
     
  10. floccinaucini

    floccinaucini Member

    Joined:
    Jun 19, 2012
    Messages:
    57
    Likes Received:
    6
    Trophy Points:
    18
    I apologize for intruding here but I hope you don't mind because I have a question.

    In this thread, in the post of Senior Member 2oldGeek of 28th March 2013 @1758, he states "I see you have a little over 15,000 entries in your Hosts file.......... (I have over 200,000 entries in my Hosts file.)"

    Could you please tell me how it came about that there are so many entries in these "hosts" files? In the hosts files I have seen, either there are no entries other than the text which is there by default, or just a few entries that have been made by the user to block websites.

    These 150,000 and 200,000 that 2oldGeek speaks of; have they been made by the users for a particular purpose or have they been made by websites, programmes and other applications from the internet?

    Thank you
     
  11. 2oldGeek

    Hi floccinaucini,

    The Hosts File was used when the internet first started and before DNS lookup service came into being.
    At first, in order to go to a site or computer you had to use the IP address, like 50.126.214.190. With a Hosts file you could put in a name for a computer or site like “Bill” for Bill’s computer on your network and then his IP address like “121.43.111.90”, and when you typed Bill in your explorer, your computer would go to the IP address for Bill. After the DNS lookup servers were introduced it was much easier to address a computer without having to use a bunch of numbers and the Hosts file was no longer needed. Some years later it was found that the Hosts file could be used to block Bad sites from being able to get into your computer. By using your own computer’s local address which is 127.0.0.1 you can enter a bad guy's address like www.badguy.com and use your local IP address, 127.0.0.1, and when something is sent to you from badguy your computer looks in the hosts file and sees his address as you, so it just loops back to itself and never receives anything from him... I have over 200,000 bad sites and URLs blocked in my Hosts file and it gets updated often to add new badguys to the list.

    First thing to do is read on this site -> http://winhelp2002.mvps.org/hosts.htm
    to better understand how it works.
    I have been using the Hosts file for many years and highly recommend using it.
    I just know you will have some questions so, after some reading, give me a shout with your queries and I’ll do my best to answer them...

    2oG
     
  12. floccinaucini

    Hello 2oldGeek,

    This is the most comprehensive information about the 'hosts' file, I have ever received from any source! The link gives much information but your explanation of it, in your reply is so easy to understand. Thank you for some great computer support.

    I have been told that after blocking a site using 127.0.0.1, you can check if the blocking is effective by a PING in the command window. Could you please tell me how I can do this?

    Kind regards.
     
  13. 2oldGeek

    Hi floccinaucini, you’re welcome and just glad I was able to help.

    The PING command is one of the ways you can check.
    Hold down the Windows key (next to the Alt key on your keyboard) and then press the “R” key. This will open the Run box where you type in CMD and click OK or just press enter. The Black command window will open with a prompt like this:

    Microsoft Windows [Version 6.1.7601]
    Copyright © 2009 Microsoft Corporation. All rights reserved.

    C:\Users\2oldGeek>_

    At the prompt, type in PING and the web address of the site you are checking e.g.:

    C:\Users\2oldGeek>ping google.com <enter>

    The request and a small packet of data (32 bytes) are sent over the network to the other computer with this address. Once successfully received the other computer will reply to the ping with a pong response and return the packet. This is done 4 times and the time between when sent and received back is calculated to generate an average response or latency time. The IP address of the other computer is also returned to you. Google’s IP address is 74.125.227.2 – give it a try…

    If the ping does not reach its destination because it is being blocked by the sending computer’s Hosts file it will show the IP address as 127.0.0.1, the local address of the sending computer. Because it is being looped back by the Hosts file, the ping has no contact with the blocked address.

    You can also use the CMD command “tracert” as you would “ping”. This command is to trace the route through the servers to the other site and will also return a 127.0.0.1 IP if the site has been blocked.

    Or you can simply type the site’s address into your browser and, if it has been blocked, it will give you an “unable to connect” message…

    I use HostsMan.exe to manage my Hosts file. It auto loads any updates as they become available and if I want to go to one of the sites in the hosts list, I can simply turn it off or on with 1 click using HostsMan. I recommend using HostsMan it works well and it’s FREE!

    Hope that helps. Anything else, just let me know.

    2oG
     
  14. floccinaucini

    Hello 2oldGeek,

    Greetings to you. Beautifully explained. You'd be surprised to know that I have asked questions about the 'hosts' file from many people including those who made it, Microsoft. No one has been able to give me a proper explanation till I was fortunate to ask you.

    There is another interesting thing. I have been told (I forget by who), that you can also use non-routable addresses such as, 10.11.12.13 or 172.16.17.18 in place of 127.0.0.1

    Will this be effective as well as 127.0.0.1? If it is, could you please explain how these non-routable addresses work, when blocking a domain?

    Kind regards.
     
  15. 2oldGeek

    Gee, thanks for the flowers, floccinaucini.
    So glad I can help.

    You’re looking down the right roads and I’ll give you some direction. But before I do remember this, the Hosts file is useful in certain circumstances but I never recommend it as a stand alone. It’s not updated quick enough, will miss a lot of bad sites and contain others that are not really bad. There are other alternatives and I’ll get to that later. First, to answer your question:

    Two frequently updated hosts files which have the purpose of blocking malicious websites that I use are the ones from MVPs Hosts and hpHosts.

    Two criteria for selecting the IP address where to redirect the unwanted domains are: (a) it should be different from the “real” address(es) and (b) they should be easily contactable (if they have a long delay, applications trying to contact them will block while trying to open a connection). Currently the loopback address (127.0.0.1) is used in both of the files I’ve mentioned; however this can cause problems in several situations:

    • If a webserver is running on the local machine (for development), it will receive hits from the browser (which can interfere with the development process). Alternatively, if a different server is running on port 80 (or another port the application tries to contact) it may react in an unpredictable manner if it doesn’t understand the protocol (or the client might react incorrectly if the response is in a different format).
    • Certain applications try to differentiate between local and remote sites by looking at the IP address and take different decisions. For example I’ve had problems with a Beta program because of my hosts file. More recently I have had issues with NoScript when using hosts files. (NoScript should be a Geek Only plugin. LOL)

    The solution is to use an invalid IP address like 0.0.0.0. This, besides fixing the above issues, also has the added benefit of speed. A quick test revealed a more than 100 fold improvement by using 0.0.0.0 instead of 127.0.0.1. My testing procedure was as follows:

    1. I emptied my DNS cache (ipconfig /flushdns) and set up a hosts file with DNS names mapped to 127.0.0.1 (no server was listening on port 80)
    2. I pinged each of the hostnames to get the domain names loaded in the cache
    3. I tried to “download” a website from each of the names using wget with one try (wget -t1 -i). Trying to contact 100 sites took 1m 44s.
    4. I repeated the same process using 0.0.0.0 and wget finished ~1 sec (!)

    In conclusion: using 0.0.0.0 to block DNS names with the hosts file has many advantages both from a functionality and speed point of view. To do this, simply search/replace your hosts file from 127.0.0.1 to 0.0.0.0; this can be done with HostXpert.exe (take care to leave the localhost entry alone; that one needs to be mapped to 127.0.0.1). Also, you will want to add this entry just before your first 0.0.0.0 "blocking" entry:
    Code:
    # Special Entries
    0.0.0.0    0.0.0.0	    # fix for traceroute and netstat display anomaly
    Without that entry, some network status and diagnostic apps will use the hostname associated with your first 0.0.0.0 "blocking" entry as the name of the default IP address.



    Using a Hosts file can be beneficial to a point but, it cannot be updated soon enough to catch all the “Bad Guys” as fast as they are being pumped into the internet. The same applies to Antivirus, AntiSpyware and AntiMalware programs.

    I hope by now you have used a Hosts file like MVPs and can see how it works to block bad sites. Now, try something that works almost like a Hosts file but uses a different technology that speeds up the discovery of the Bad guys so that you are protected much sooner, and also lets you block categories like bad words or pictures with too much skin showing that you don’t want your kids to be exposed to. It’s called “Blue Coat K9 web protection”; put that in Google and it will be the first thing to pop up. Read up on it then try it out. It’s Free for home use but you have to have a license to use it. You password it and your kids can’t get around it...

    There is no such thing as 'perfect security' but there are methods that are really close. Try out K9 and come back with more questions while I’m on a roll. Lol


    2oG
     
  16. floccinaucini

    Hello 2oldGeek,

    I have done everything you suggested. The 0.0.0.0 method is noticeably faster than 127.0.0.0. To me it looks the best.

    In your earlier post you explained " By using your own computer’s local address which is 127.0.0.1 you can enter a bad guys address like www.badguy.com and use your local IP address, 127.0.0.1 and when something is sent to you from badguy your computer looks in the hosts file and sees his address as you, so it just loops back to itself and never receives anything from him……"

    Could you please give me a similar explanation of how the computer interprets it when it sees the blocked address in the hosts file as 0.0.0.0 or 10.11.12.13 or 172.12.13.14, and the process by which the bad guy gets blocked?

    I got the Blue coat K9. It looks great. Thank you for all this help you have given me.

    Best regards,
     
  17. 2oldGeek

    Hi floccinaucini,
    The key is to use an INVALID address like 0.0.0.0. Hosts file knows this address is invalid and doesn’t spend time looking for it. 10.11.12.13, on the other hand, IS a valid address even if it’s not being used and Hosts file will look for it until it times out. Try typing 0.0.0.0 in your browser and see how long it takes to report that the connection was reset. Then type in 10.11.12.13 and you will see what I mean…. 172.12.13.14 will return a google scan, not good! Play with Hosts file but, its life span has just about been outlived as far as being very beneficial for security purposes. I still use it to block certain web sites on the network I manage but for the average user it’s just not that good anymore.

    I build computers and always install a layered malware protection plan before giving the computer to a customer. I very seldom have a computer come back to my shop because of a malware problem. As I said, there is no such thing as 'perfect security' but there are methods that are really close. If you are interested, let me know and I can give you some hints... After almost 50 years of geeking, I find that good judgment comes from experience and that comes from a lot of bad judgment... LOL

    Best regards,
    2oG
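
The points from posts 15 and 17 above (moving blocking entries from 127.0.0.1 to 0.0.0.0 while leaving localhost alone, and how 0.0.0.0, 10.11.12.13, 172.16.17.18 and 172.12.13.14 differ as redirect targets) as an added Python example; it is not code from the thread or from HostsMan/HostXpert. The sample hosts file and its hostnames are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; SPECIAL_ENTRY is the line quoted in post 15.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1       www.badguy.com        # blocked via loopback
127.0.0.1       ads.example.net tracker.example.net
10.11.12.13     slow.example.org
172.16.17.18    private.example.org
172.12.13.14    routed.example.org
"""
SPECIAL_ENTRY = "0.0.0.0    0.0.0.0    # fix for traceroute and netstat display anomaly"

def parse_line(line):
    """Return (address, hostnames, comment), or None for blank/comment/invalid lines."""
    body, _, comment = line.partition("#")
    fields = body.split()
    if len(fields) < 2:
        return None
    try:
        return ipaddress.ip_address(fields[0]), fields[1:], comment.strip()
    except ValueError:
        return None

def classify(addr):
    """Order matters: Python also reports 0.0.0.0 and 127.0.0.1 as is_private."""
    if addr.is_unspecified:
        return "unspecified"
    if addr.is_loopback:
        return "loopback"
    return "private" if addr.is_private else "routable"

def audit(text):
    """Map every hostname in the file to the class of address it is pinned to."""
    rows = filter(None, map(parse_line, text.splitlines()))
    return {n.lower(): classify(addr) for addr, names, _ in rows for n in names}

def rewrite_to_unspecified(text):
    """Move 127.x blocking entries to 0.0.0.0; localhost stays on 127.0.0.1."""
    out, seen_block = [], False
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            addr, names, comment = parsed
            keep = "localhost" in (n.lower() for n in names)
            convert = addr.version == 4 and addr.is_loopback and not keep
            if (convert or addr.is_unspecified) and not seen_block:
                seen_block = True
                if names != ["0.0.0.0"]:  # special entry not already present
                    out.append(SPECIAL_ENTRY)
            if convert:
                line = "0.0.0.0    " + " ".join(names) + (f"    # {comment}" if comment else "")
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(rewrite_to_unspecified(SAMPLE_HOSTS), audit(SAMPLE_HOSTS), sep="\n")
```

An entry that `audit` classes as `routable` does not block anything: the name is pinned to a public address that a real host may answer on, so it is worth reviewing any such line in a hosts file.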
     
  18. floccinaucini

    Hello 2oldGeek,

    From you I learned about the functioning of the hosts file. This is after trying to learn this for the last two years! This is great help and thank you very much. I will definitely be coming here more often now!

    I am certainly interested in any help you can give me. Please be kind enough to do that.

    I have just installed Windows XP Professional on my desktop. Is there help here for XP?

    Kind regards
     
  19. 2oldGeek

    Hi floccinaucini,

    Approximately 1 in every 4 or 5 computers running today is still using XP, but Windows XP is nearing the end of its life. Microsoft will be ending support for XP in 2014. Computers running XP should be upgraded by then because there won't be any more security fixes or critical updates after that time. So it's a good idea to move on from XP before that happens. My suggestion, at this time, is Windows 7. I have not tested Windows 8, but my first impression is that it’s directed at iPads, iPhones, Tablets and Laptops and not full blown desktop computers IMHO…

    I still have and use computers with XP Pro installed so, my following comments are based on XP being an operating system although it will work with the newer systems.


    1.) FIREWALL

    Hardware Firewall - A Router with SPI firewall - Highly recommended (almost mandatory), I never run a desktop without one….

    Should I get a router when I get a DSL or cable broadband Internet service?
    My answer is always, "Yes!"

    Do I really need a router, even if I only have one computer that I’m connecting?
    Think of it this way. Do you need a lock on your door?

    The router functions to lock the Internet away from your computer. If your computer asks for something from the Internet, it asks the router. The router asks the IP address on the Internet.
    The server at the other end can respond, and the router will know to which computer to route the response. But, no computer on the Internet side can INITIATE communications with your computer.
    Your computer would not have an IP address on the Internet. Its address would be on the local home network (even if that network is nothing but one router and one computer). The WAN (Wide Area Network) port of the router is the only thing that has exposure to the Internet. The LAN (Local Area Network) is protected by the SPI Firewall.

    So, what’s the big protection if you’re already running a software firewall? The importance is that you simply are not accessible. Some of the Windows flaws have been such that Windows itself would be subverted before a firewall program ever had a chance to block an incoming connection. So, the SPI will prevent that incoming connection…
    Here are 2 routers that I use and recommend. Just be sure the router you choose has a SPI (Stateful Packet Inspection) Firewall. Both of these do:

    http://www.newegg.com/Product/Product.aspx?Item=N82E16833124190

    http://www.newegg.com/Product/Product.aspx?Item=33-315-093&ParentOnly=1&IsVirtualParent=1


    Software Firewall – With no router, mandatory. With a router, optional.

    With NO router you will need a Third party firewall. I suggest: Online Armor Free Firewall, at the top of the heap. Comodo is rated highly too, your choice, I just prefer the options that Online Armor provides.

    Important note – If your machine is running Windows XP w/ SP3 AND you are ALWAYS behind a hardware firewall then IMHO you don’t need a 3rd party firewall (most routers these days are a hardware firewall). Starting with SP2, Windows XP has a built-in firewall and that is sufficient.


    2.) ANTIVIRUS

    For a long time I used Avira Antivir but the newest version has some problems that I just can’t overlook. After a long testing session with Avast 8 free it is now my choice for an AV. Even though it has a lower detection rate than Avira it makes up for it by blocking malware before it can enter the computer. It does this with 8 different real time scanners and an auto sandbox that doesn’t allow you to install bad programs and keeps you safe while browsing the internet.

    note: I test AV and AntiMalware programs in real time using real viruses, Trojans and malware.....


    3.) MALWARE SCANNER

    I use and recommend MalwareBytesAntiMalware Pro with a real time scanner - 14 days free trial – Lifetime License $24.95 and well worth it. It's so heartwarming when it jumps up and blocks a *BAD* that you were trying to download. If you can’t see 24.95 then get the Free version and use it often, just in case one of the other layers missed something.


    That’s about all I can handle for this session. I'll let you soak up some of that and have a chance for some questions before I go on to the final part of the equation like:

    Category and URL Blockers
    Secure DNS Servers
    Browser based protection – Plug-ins
    HIPS, heuristics
    Sandboxes


    With your next post, please let me know the specs on your computer, i.e. CPU speed, RAM, drives, etc.

    Best Regards,
    2oG
     
    Last edited: Apr 20, 2013
  20. scorpNZ

    scorpNZ Active member

    Joined:
    Mar 23, 2005
    Messages:
    4,264
    Likes Received:
    63
    Trophy Points:
    78
    Comodo have a secure DNS service; it's free and works fine, no issues with speed. I think Google have one as well, however I wouldn't trust 'em as far as I could throw 'em.
     
